
IBM DataPower Gateway v7.1 Solution Implementation
Certification Study Guide


Bill Barrus, WW Channel Tech Sales, IBM Systems Unit Software
Senior Software Engineer, Certified IT Specialist; bbarrus@us.ibm.com

2015 IBM Corporation

Test C2180-416: IBM DataPower Gateway V7.1, Solution Implementation

Number of questions: 71
Time allowed: 2 hours!
Required passing score: 63%
Test language: English

http://www.ibm.com/certify/tests/ovrC2180-416.shtml


Recommended Prerequisite Skills

Basic knowledge of:
- Networking (TCP/IP, DNS, load balancing, packet tracing and failover)
- PKI (Digital certificates, Certificate Revocation Lists (CRL), SSL)
- Transports (IMS Connect, WebSphere MQ, JMS, FTP, SFTP and HTTP)
- XML (XSD, XSLT/XPath)
- Web services (SOAP, WSDL and WS-Policy)
- Web services security (WS-Security, XML encryption and XML digital signature)
- Identity management software and protocols (Kerberos, LDAP, OAuth and SAML)
- SOA Governance (web services management and registries)
- Data mapping and transformations
- Operations Management (logging and monitoring)
- Enterprise Architecture (Cloud, SOA and Enterprise Security)
- JavaScript ECMAScript 5.1 *
- JSON *
- Perl Compatible Regular Expression (PCRE) syntax *
* new skills required since version 5


Preparation suggestions
1. Work through the "Discovering the value of IBM WebSphere DataPower SOA Appliances" labs and study the excellent lab notes.
2. Take the two classes if you can: "Accelerate, Secure and Integrate with IBM DataPower V7.1" and "Administration of IBM WebSphere DataPower Gateway V7".
3. Use the following resources as you go through each section's objective list:
   - Test preparation tab, Web Resource listed by topic: search the hyperlinked terms.
   - DataPower v7.1 Knowledge Center: the official product documentation.
4. Take the Sample / Assessment Test if you have not taken the certification test yet. There are only 6 questions, which can give you a sense of the format of the real test, and it provides the answers.
5. Take notes as we step through the remaining slides to help direct your focus of study. Study your notes prior to taking the exam.


Sections of the Test


1. Architecture and Basic Configuration (18%)
2. Administration and Operational Architecture (21%)
3. Security Scenarios (15%)
4. Integration Scenarios (21%)
5. SOA Governance Scenarios (6%)
6. Troubleshooting and Tuning (18%)


Section 1 - Architecture and Basic Configuration

a. Select the appropriate IBM DataPower Gateway modules and form factors based on specified use cases.
b. Select the appropriate usage scenarios such as load balancing and redundancy for High Availability.
c. Select the appropriate DataPower service type for a given use case scenario. [Architectural design patterns, Chapter 2]
d. Select the appropriate message type and/or message exchange pattern based on use case scenarios. [SOAP, XML, JSON, Pass-Thru and Non-XML] [Architectural design patterns, Chapter 2]
e. Identify integration capabilities between DataPower and other products. [for example: MQ, SQL, WSRR, WTX, and especially front side handlers]
f. Architect a service considering capacity, scalability, security and future growth.
g. Architect a service considering failure handling, audit logging and monitoring. [Administration, Deployment, and Best Practices, Chapter 6]
h. Identify the implications of enabling Common Criteria mode during the appliance initialization process.
i. Perform initial setup and enablement of the administrative interfaces.
j. Configure a service and associated DataPower objects using the WebGUI, CLI and XML Management Interface.
k. Identify, configure, and deploy use case patterns via the Blueprint Console.


Single, modular & extensible platform (1)

IBM DataPower Gateway is the new name of a consolidated, extensible & modular platform.

Physical Appliance
- Converges three existing products, XG45 / XI52 / XB62, into a single modular offering
- Available in physical and virtual form factor
- 2U rack mount appliance using latest generation hardware platform
- Two base editions: Non-HSM and HSM (FIPS 140-2 Level 3 certified)
- Each software module is licensed separately

Virtual Edition
- Three editions: Developer, Non-Production, Production
- Developer includes all software modules at no additional cost, except TIBCO EMS
- Non-Production includes all software modules at no additional cost, except TIBCO EMS & ISAM Proxy
- Production: each software module is licensed separately

Optional modules (2U Physical, Virtual Edition): ISAM Proxy Module, Integration Module, B2B Module, AO Module, TIBCO EMS Module.
All software modules are field upgradeable. Supports V7.1 & above.



Single, modular & extensible platform (2)

Modules

B2B Module
- B2B DMZ gateway
- EDIINT AS1, AS2, AS3, ebXML
- Partner profile management
- B2B transaction viewer
- Any-to-Any message transformation
- Database connectivity

ISAM Proxy Module
- User access control, session management, web SSO enforcement
- Advanced mobile security: mobile SSO, context-based access, one-time password, multi-factor authn
- Integration with ISAM for Mobile

TIBCO EMS Module
- Integrate with TIBCO EMS messaging middleware
- Support for queues & topics
- Load balancing & fault-tolerance

Application Optimization Module
- Frontend self-balancing
- Backend intelligent load distribution
- Session affinity
- z Sysplex Distributor integration

Integration Module
- Any-to-Any message transformation
- Database connectivity
- Mainframe IMS connectivity

IBM DataPower Gateway (Base)

Secure
- Authentication, authorization
- Security token translation
- Service / API virtualization
- Threat protection
- Message validation
- Message filtering
- Message digital signature
- Message encryption
- AV scanning integration

Integrate
- Transport protocol bridging
- Message enrichment
- Message transformation & processing using JavaScript, JSONiq, XQuery, XSLT
- Mainframe integration & enablement
- Flexible pipeline message processing engine

Control & Manage
- Service level management
- Quota & rate enforcement
- Content-based routing
- Message accounting
- Integration w/ management & visibility platforms including IBM API Management & WSRR for policy enforcement

Optimize & Offload
- SSL / TLS offload
- Hardware accelerated crypto*
- JSON, XML offload
- JavaScript, JSONiq, XSLT, XQuery acceleration
- Local response caching
- Distributed caching with WXS or XC10
- Backend load balancing

2U Physical or Virtual Edition



Firmware V7.1, Modules & Supported Platforms

Firmware V7.1 delivers:
- ISAM Proxy Module to enable advanced access enforcement of mobile & web use cases
- B2B Module to enable secure B2B integration capabilities, formerly available on XB62 only
- Integration Module to enable integration functionality including any-to-any message transformation, database connectivity & mainframe connectivity
- Kerberos S4U2Self functionality to provide flexible authentication for Microsoft environments
- Increase in XML Names maximum to allow for large configurations, RAS & other enhancements

V7.1 supports the following:
- IBM DataPower Gateway (Physical and Virtual Edition)
- XG45 (Physical and Virtual Edition)
- XI52 (Physical and Virtual Edition), XI50B (2426 & 4195 models)
- XB62 (Physical)

ISAM Proxy module requires V7.1 and is available on the following:
- IBM DataPower Gateway (Physical and Virtual Edition)
- XG45 (Physical and Virtual Edition)
- XI52 (Physical and Virtual Edition)
- XB62 (Physical)

B2B module requires V7.1 and is available on the following:
- IBM DataPower Gateway (Physical and Virtual Edition)
- XG45 (Physical and Virtual Edition)
- XI52 (Physical and Virtual Edition)

Integration module requires V7.1 and is available on the following:
- IBM DataPower Gateway (Physical and Virtual Edition)


Common Use Cases

IBM DataPower Gateway Appliances are the industry-leading Security & Integration gateways that help provide security, integration, control and optimized access to a full range of Mobile, Web, API, SOA, B2B, & Cloud workloads.

[Diagram: consumers on the Internet reach a DataPower Gateway in the DMZ, which fronts the applications, services, middleware and z Systems in the Trusted Domain; trading partners connect through a B2B Partner Gateway.]

Use cases shown:
- Mobile Gateway
- API Gateway
- Web Gateway
- B2B Partner Gateway (trading partners)
- SOA & API Gateway
- ESB / Integration Gateway
- Internal Security Enforcement
- Web Services Governance & Management
- Legacy Integration

Processing Policy
- A service defines a single policy.
- The policy is enforced through rules.
- Each rule contains:
  - Match action: defines criteria to determine if incoming traffic is processed by the rule.
  - Processing actions: a rule defines one or more actions taken on the submitted message.


Processing Rules
Rules have the following directions:
- Server to Client (response)
- Client to Server (request)
- Both Directions (request and response)
- Error: executes when errors occur during processing in the request and response rules

Rules have priority and can be reordered.
- Multiple rules may match the same URL; their order can be changed.
- Specific rules have higher priority than catch-all rules.


Matching Rule
A match action allows you to provide different processing based on matching conditions.

Match criteria can be based on:
- Error code value
- Fully qualified URL
- Host
- HTTP header value
- URL
- XPath expression


Processing Actions
- A rule consists of multiple processing actions with scope.
- Actions such as transformation or validation execute during the request or response rule (if any).
- Contexts or defined variables within the scope are used to pass information between actions.
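As an added illustration (not IBM or DataPower code) of how the policy, rule and match-action structure on these slides selects a rule, here is a small Python model: rules are tried in priority order, the first whose direction and match criteria accept the message wins, so specific rules must sit above the catch-all. The rule names, URL patterns and sample messages are constructed for the example.

```python
"""Select the processing rule that handles a message.

Added example, not IBM or DataPower code. A policy is an ordered list of
rules; each rule has a direction and a match action. Criteria modelled:
URL (PCRE-style pattern, matched with Python's re), Host, HTTP header value,
and an XPath test on an XML payload (ElementTree's XPath subset).
Error rules, which run only when a request/response rule fails, are omitted.
"""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Message:
    direction: str                    # "request" or "response"
    url: str                          # fully qualified URL
    headers: Dict[str, str] = field(default_factory=dict)
    body: str = ""


@dataclass
class Match:
    """Match action: every criterion that is set must hold."""
    url: Optional[str] = None                  # pattern searched in the full URL
    host: Optional[str] = None                 # exact host[:port] taken from the URL
    header: Optional[Tuple[str, str]] = None   # (header name, pattern for its value)
    xpath: Optional[str] = None                # path that must select a node

    def accepts(self, msg: Message) -> bool:
        if self.url is not None and not re.search(self.url, msg.url):
            return False
        if self.host is not None:
            m = re.match(r"https?://([^/]+)", msg.url)
            if m is None or m.group(1) != self.host:
                return False
        if self.header is not None:
            name, pattern = self.header
            value = msg.headers.get(name)
            if value is None or not re.search(pattern, value):
                return False
        if self.xpath is not None:
            try:
                root = ET.fromstring(msg.body)
            except ET.ParseError:
                return False  # a non-XML payload cannot satisfy an XPath match
            if root.find(self.xpath) is None:
                return False
        return True


@dataclass
class Rule:
    name: str
    direction: str      # "request", "response" or "both"
    match: Match
    actions: List[str]  # processing actions run when the rule is selected


def select_rule(policy: List[Rule], msg: Message) -> Optional[Rule]:
    """Return the first rule whose direction and match action apply, if any."""
    for rule in policy:
        if rule.direction not in (msg.direction, "both"):
            continue
        if rule.match.accepts(msg):
            return rule
    return None


# Constructed sample policy: specific rules first, catch-all last.
POLICY = [
    Rule("orders-signed", "request",
         Match(url=r"/orders(/|$)", xpath=".//Signature"),
         ["verify", "validate", "transform", "results"]),
    Rule("orders-unsigned", "request",
         Match(url=r"/orders(/|$)"),
         ["reject"]),
    Rule("health", "request", Match(url=r"/health$"), ["results"]),
    Rule("catch-all", "both", Match(), ["validate", "results"]),
]

if __name__ == "__main__":
    sample = Message("request", "http://gw.example.com:8080/orders/42",
                     {"Content-Type": "text/xml"}, "<Order><Signature/></Order>")
    chosen = select_rule(POLICY, sample)
    print(chosen.name, chosen.actions)
```

Reversing POLICY puts the catch-all first, and every message then lands on it: the slides' point that specific rules must outrank the catch-all rule.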



Section 2 - Administration and Operational Architecture

a. Create and administer users, roles, and Role Based Management on the appliance.
b. Select and configure network settings including link aggregation and VLAN settings.
c. Implement configuration management (import, export, secure backup and secure restore).
d. Implement High Availability, including Application Optimization, and disaster recovery solutions as they apply to the IBM DataPower Gateway.
e. Configure deployment policies and deployment policy variables.
f. Use host names and aliases for portability between environments.
g. Perform tasks using the appliance's administrative interfaces (CLI, WebGUI, XML Management).
h. Manage appliance firmware versions.
i. Manage and backup certificates and keys including the use of the Hardware Security Module (HSM).
j. Enable monitoring for the appliance.


Initial Network Setup

1. Use the null-modem cable or a USB-to-serial converter cable to connect the terminal or PC to the SERIAL connector on the device.
2. Ensure that the terminal or PC is configured for standard 115200 8N1 (9600 for 7198/9 or 2426 appliances) and no flow control operation.
3. Turn on the appliance. You should hear the fans change speed as the screen displays the following information: DPOS... Wait for a few seconds for the device to boot.
4. Login as admin/admin.
5. Read and accept the license agreement. You will be prompted to change the default admin password.
6. You can define the base configuration in one of the following ways:
   - With the startup command, which uses the DataPower installation wizard.
   - With a manual procedure, which uses a series of DataPower commands.


Users and Roles

User accounts
- Group-defined: the group-defined account type establishes this user as a member of a user group.
- Privileged: the privileged account type provides this user with access to the entire resource suite from the WebGUI and CLI on a domain-by-domain basis. Users with privileged access can configure and can monitor all appliance operations.
- User: the user account type provides this user with access to view configuration details of most, but not all, objects.


Users and Roles

User Groups
A user group represents a collection of users who perform similar duties and require the same level of access to the DataPower appliance.
Creating a group account: specify a name for the user group.

Format of access policy:
address/domain/resource?Access=privileges&[field=value]
- The address (appliance address), domain (application domain), and resource (e.g. change-password, radius) fields must be fully specified or specified with an asterisk (*). An asterisk matches all values.
- The privileges string is comprised of the individual permission symbols separated by the plus sign (+) character. For example, the string a+d+x+r+w represents add, delete, execute, read, and write permissions.
- The field token must be one of the additional fields that can be added to the string, e.g. Name, LocalAddress, LocalPort, etc. The corresponding value can be a PCRE.
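To make the access policy format concrete, here is an added Python parser and evaluator for policy strings of the form shown above (example code, not IBM's RBM implementation). Python's re module stands in for PCRE, and the group policies, resource names and object attributes are constructed for the example.

```python
"""Parse and evaluate RBM access policy strings.

Added example, not IBM or DataPower code. It models the format
address/domain/resource?Access=privileges&[field=value]: address, domain
and resource are exact values or "*", the privileges are a+d+x+r+w
symbols, and each extra field (Name, LocalAddress, LocalPort, ...) carries
a PCRE. Python's re module is assumed close enough to PCRE for the
patterns used here. Policy strings and object attributes are constructed.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Permission symbols that may appear in the Access= privileges string.
PERMISSIONS = {"a": "add", "d": "delete", "x": "execute", "r": "read", "w": "write"}


@dataclass
class AccessPolicy:
    address: str
    domain: str
    resource: str
    privileges: Set[str]
    fields: Dict[str, str] = field(default_factory=dict)  # field name -> pattern


def parse_policy(text: str) -> AccessPolicy:
    """Split e.g. '*/dev/xmlfirewall?Access=r+w&Name=^dev-' into its parts."""
    path, _, query = text.partition("?")
    parts = path.split("/")
    if len(parts) != 3 or not all(parts):
        raise ValueError(f"address/domain/resource must be fully specified: {text!r}")
    params = dict(item.split("=", 1) for item in query.split("&") if "=" in item)
    if "Access" not in params:
        raise ValueError(f"Access= privileges missing: {text!r}")
    privileges = set(params.pop("Access").split("+"))
    unknown = privileges - set(PERMISSIONS)
    if unknown:
        raise ValueError(f"unknown permission symbols: {sorted(unknown)}")
    return AccessPolicy(parts[0], parts[1], parts[2], privileges, params)


def _segment_matches(pattern: str, value: str) -> bool:
    """Address, domain and resource are literal values or the wildcard '*'."""
    return pattern == "*" or pattern == value


def policy_allows(policy: AccessPolicy, address: str, domain: str, resource: str,
                  permission: str, attrs: Optional[Dict[str, str]] = None) -> bool:
    """True if this one policy grants `permission` on the described object."""
    attrs = attrs or {}
    if not (_segment_matches(policy.address, address)
            and _segment_matches(policy.domain, domain)
            and _segment_matches(policy.resource, resource)):
        return False
    if permission not in policy.privileges:
        return False
    # Every extra field narrows the policy: the object's attribute must match its pattern.
    for name, pattern in policy.fields.items():
        if name not in attrs or re.search(pattern, attrs[name]) is None:
            return False
    return True


def group_allows(policies: List[str], address: str, domain: str, resource: str,
                 permission: str, attrs: Optional[Dict[str, str]] = None) -> bool:
    """A user group grants access if any of its access policies grants it."""
    return any(policy_allows(parse_policy(p), address, domain, resource, permission, attrs)
               for p in policies)


# Constructed group: read-only in the dev domain, may run change-password anywhere,
# and may write dev-domain XML firewalls whose names start with "dev-".
DEV_GROUP = [
    "*/dev/*?Access=r",
    "*/*/change-password?Access=x",
    "*/dev/xmlfirewall?Access=r+w&Name=^dev-",
]

if __name__ == "__main__":
    print(group_allows(DEV_GROUP, "10.0.0.1", "dev", "xmlfirewall", "w", {"Name": "dev-orders"}))
    print(group_allows(DEV_GROUP, "10.0.0.1", "prod", "xmlfirewall", "r"))
```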


Role-based Management (RBM)

Role-based management consists of the following capabilities:
- Authenticating users: extract the user identity from the access request and authenticate the user identity that is presented. One of the following methods can be used for user authentication: Local User, Custom, LDAP, RADIUS, SAF, SPNEGO, SSL User Certificate, XML File.
- Evaluating the access profile: the access profile defines the set of privileges for one or more resources on the DataPower appliance. An access profile can originate from any of the following credential mapping sources: Local User Group, Custom, XML File.
- Enforcing access to resources: after the user is authenticated and the access profile is evaluated, the DataPower appliance enforces the established access profile.

Example: check out store:///RBMInfo.xml (found on the DataPower file system).


Configuration Management & High Availability

DataPower Configuration:
- File Management
- Application Domains
- Devices and Environment
- Load Balancers, Active/Active, Active/Standby Configuration

Network Objects:
- Host Alias
- Static Hosts
- DNS Settings

Reference:
http://www.ibm.com/developerworks/websphere/library/techarticles/0801_rasmussen/0801_rasmussen.html


Managing disaster recovery

Disaster Recovery (DR) is the ability to create a secure backup that you can use to recover the complete configuration of a lost appliance. DR uses a backup-restore process that must be enabled. To check, click Administration > Device > System Settings. If the Backup Mode property is set to Secure, disaster recovery is available.

Unlike a standard backup, a secure backup contains:
- private data from the appliance (certificates, keys, and user data), which the appliance encrypts with a customer-provided certificate and a DataPower certificate.
- an unencrypted XML manifest file, which includes information such as the date of the backup and the firmware level, model, and serial number of the backed-up appliance. You can view the unencrypted manifest file.

The backup-restore process must be used among appliances that are at the same firmware level and have the same compatible configuration.

A secure restore does not merge data. The restore deletes all private data (certificates, keys, and user data) that is currently on the target appliance.

Reference: InfoCenter, Managing Disaster Recovery


Consolidate your infrastructure with Application Optimization

Use Self-Balancing technology to spread inbound traffic load across multiple DataPower appliances using a single target.
- Eliminate the need for additional physical load balancers.
- Efficiently distributes traffic with minimal overhead.

Use Intelligent Load Distribution to optimize outbound traffic across multiple destinations.
- Supports dynamic WebSphere cell interrogation.
- Automatically updates targets and weights.

Use Session Affinity to preserve target session state across multiple requests.
- Supports WebSphere and non-WebSphere targets.

WS Application Accelerator for Public Networks
- Secure Cloud Connector

Reference: WSTE presentation on AO; developerWorks article "Using DataPower AO", etc.


Administration Interfaces

CLI
Select Network > Management > SSH Service to display the SSH Service Configuration (Main) screen.

Telnet
Select Network > Management > Telnet Service to display the Telnet Service catalog.

WebGUI
Access to the appliance via the WebGUI is supported by a dedicated HTTP server that you configured during the initial appliance configuration process.

XML Management Interface
The DataPower appliance can be configured and managed completely through the XML Management Interface. When enabled, this interface allows administrators to send status and configuration requests to the DataPower appliance through a standard SOAP interface.

WSDM interface
When enabled, this implementation provides a protocol-specific interface for managing Web Service endpoints that were instantiated on the appliance through Web Service Proxy objects.


Go back to previous firmware level

You can toggle between releases by rolling back and forth between the current and the previous image. This includes rolling back between major releases.

In the WebGUI:
- From the Control Panel, choose System Control.
- In the Firmware Roll-Back section, click the "Firmware Roll-Back" button to toggle between images.

Using the CLI:
- Enter the command "CO" and press enter.
- Enter the command "flash" and press enter.
- Enter the command "boot switch" and press enter.



Section 3 - Security Scenarios

a. Configure crypto objects.
b. Configure a service to use SSL.
c. Configure a service to use WS-Security.
d. Configure a service to secure a WSDL-described web service.
[Items e and f are covered in subsequent slides]
e. Configure a service to enforce non-repudiation using digital signatures.
f. Configure a service to enforce confidentiality using encryption.
g. Configure a service to enforce authentication and authorization.
h. Configure message-level threat protection.
i. Configure a service to use OAuth.
j. Configure the use of a security server such as IBM Security Access Manager (ISAM), SAML and LDAP.
k. Identify the implications of enabling the FIPS 140-2 Level Compliance modes.


Security Terminology
Authentication verifies the identity of a client.
Authorization decides a client's level of access to a protected resource.
Integrity ensures that a message has not been modified while in transit. A cryptographic hash
allows the end user to check if a certain message was intercepted or tampered with.
Confidentiality ensures that the contents of a message are kept secret. DataPower allows
message and field level encryption, which ensures that no one can access the payload
without the appropriate decrypt key.
Non-repudiation allows the client to prove that the server has received a previously sent
message, and vice-versa. Digital signatures are used to determine if the message was sent
by the actual originator.
Securing data while in-flight: DataPower provides in-flight security using the secure socket
layer (SSL). It provides support for HTTPS, FTPS, SFTP, and MQ.
Auditing maintains records to hold clients accountable to their actions.

Reference: Achieving PCI compliance using WebSphere DataPower


Web Services Security

Web services security (WS-Security) provides a standard, platform-independent way for specifying message-level security information.
- Flexible set of mechanisms for using a range of security protocols
- Does not define a set of security protocols
- Provides end-to-end security

Associate security tokens with a message
- Username Token profile
- X.509 Token profile
- Kerberos Token profile
- SAML Token profile: Security Assertion Markup Language
- REL Token profile: Rights Expression Language

Confidentiality (XML Encryption)
- Process for encrypting data and representing the result in XML

Integrity (XML Signature)
- Digitally sign the SOAP XML document, providing integrity and signer authentication

XML Canonicalization
- Normalizes XML document
- Ensures two semantically equivalent XML documents contain the same octet stream

Reference: Web Service Proxy Developer's Guide


Flexible Authentication, Authorization, and Auditing (AAA) policies

[Diagram: the AAA policy pipeline runs from input to output: Extract Identity and Extract Resource, then Authenticate, Map Identity, Map Resource, Authorize, and finally Audit & Post-Process, backed by an external access control server or onboard identity management store.]

Extract Identity
- HTTP Headers
- WS-Security Tokens
- WS-SecureConversation
- WS-Trust
- Kerberos
- X.509
- SAML Assertion
- IP Address
- LTPA Token
- Custom

Authenticate
- LDAP
- System/z NSS (RACF, SAF)
- Tivoli Access Manager
- Kerberos
- WS-Trust
- Netegrity SiteMinder
- RADIUS
- SAML
- LTPA
- Verify Signature
- Custom

Extract Resource
- URL
- SOAP Operation
- HTTP Operation
- Custom

Authorize
- LDAP
- ActiveDirectory
- System/z NSS
- Tivoli Access Manager
- SAML
- XACML
- Custom

Audit & Post-Process
- Add WS-Security
- Generate z/OS ICRX Token
- Generate Kerberos
- Generate SAML
- Generate LTPA
- Map Tivoli Federated Identity



Secure your data with XML threat protection

XML Threat Protection covers:
- Entity expansion/recursion attacks
- Message/data tampering
- Public Key DoS
- Message snooping
- XML Flood
- XPath or SQL injection
- Resource Hijack
- XML encapsulation
- Dictionary Attack
- XML virus
- Replay Attack

See: Configuring XML threat protection



Section 4 - Integration Scenarios

a. Configure a service Front Side Protocol Handler.
b. Configure a service Backend URL. [dynamic backend]
c. Configure a service for mediation between protocols.
d. Configure a service for integration with messaging systems such as IBM MQ.
e. Configure a service to transform XML and Non-XML messages. [transformation using the Transform actions for v7.1]
f. Configure a service for Web 2.0 scenarios. [REST proxy deployment, REST bridge deployment]
g. Configure a service for database integration.
h. Configure a service to integrate with IMS Connect.
i. Use the Interoperability Test Service during service development.
j. Use extension functions as appropriate within a stylesheet.
k. Customize message processing using GatewayScript module functions.
l. Configure services that support portability between environments. [see next slide]
m. Configure a service to perform JSON schema validation.



Configuration for Migration

Environments in this case are:
- Development
- Test
- Production

Use these best practices (chapter 3) to make a configuration more portable and maintainable:
- Use Host Alias rather than dot decimal address in Services that expose external ports.
- Use Environment Specific DNS when possible rather than dot decimal address.
- Use Static Hosts to handle DNS aberrations.
- Externalize XSLT IP/Port and Host Name references via the Identity Document.
- Migrate only those objects which require migration.



Section 5 - SOA Governance Scenarios

a. Configure Message Monitors and Service Level Monitoring (SLM) policies to enforce Service Level Agreements (SLAs).
b. Attach and enforce WS-Policy statements using a web service proxy service. [focus on enforcement in the knowledge center article]
c. Attach and enforce WS-MediationPolicy statements within a web service proxy service.
d. Configure subscriptions to external service registries such as WebSphere Service Registry and Repository (WSRR).


Monitors
Allow for constant feedback on messages that flow through the appliance. You can configure monitors to generate log messages at a given log level after reaching a count or latency threshold or other event trigger. Monitors can also throttle (reject) or shape (delay) traffic after reaching a count or latency threshold or other event trigger.

Count Monitors
- Increment a counter every time messages of a particular type pass through a service

Duration Monitors
- Increment a counter every time a configured amount of time passes during the processing of messages of a particular type

Web Service Monitors
- Offer the ability to configure monitoring based on the services defined in a WSDL

Service Level Monitors
- Allow a finer degree of control, which can extend to the precise definition of users or resources and the scheduling of operations


WS-Policy
The WS-Policy standard provides an XML vocabulary for Web services to describe their constraints and requirements. Each policy consists of one or more policy assertions.

Policy assertions define the requirements of a service for a particular policy domain, for example:
- Require username token
- Require encryption
- Require digital signature

Policy assertions do not follow any predefined format, except that they are embedded within a <Policy> tag:
<wsp:Policy xmlns:wsp="http://www.w3.org/2006/07/ws-policy">
  <UsernameToken/>   <!-- Policy Assertion -->
</wsp:Policy>

The WS-Policy specification allows you to enforce requirements that cannot be described by a WSDL file. For example, if you require all requests to be digitally signed, it is not possible to encode that requirement in a WSDL file.
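To show what enforcing such a policy means in practice, here is an added Python example (not IBM or DataPower code) that evaluates a policy in the slide's simplified assertion vocabulary against a SOAP message's WS-Security header. The <Signature/> and <Encryption/> assertion names are assumed for the other two requirements the slide lists, the wsp:All / wsp:ExactlyOne operators are read as "all" and "any", and the policy and messages are constructed.

```python
"""Enforce a minimal WS-Policy document against a SOAP 1.1 message.

Added example, not IBM or DataPower code. It uses the slide's simplified
assertion vocabulary: an un-namespaced <UsernameToken/>, plus <Signature/>
and <Encryption/> assumed here for the other two assertions the slide names.
wsp:All is evaluated as "every child holds" and wsp:ExactlyOne as "some
alternative holds". Each assertion is checked by looking for the matching
WS-Security construct in the message; signature and key material are not
verified here, only required presence. Policy and messages are constructed.
"""
import xml.etree.ElementTree as ET
from typing import Callable, Dict, List

NS = {
    "wsp": "http://www.w3.org/2006/07/ws-policy",
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}


def _local(tag: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def _security_header(env: ET.Element):
    return env.find("soap:Header/wsse:Security", NS)


def has_username_token(env: ET.Element) -> bool:
    sec = _security_header(env)
    return sec is not None and sec.find("wsse:UsernameToken", NS) is not None


def has_signature(env: ET.Element) -> bool:
    sec = _security_header(env)
    return sec is not None and sec.find("ds:Signature", NS) is not None


def has_encryption(env: ET.Element) -> bool:
    # XML Encryption replaces the protected content with xenc:EncryptedData.
    return env.find(".//xenc:EncryptedData", NS) is not None


ASSERTIONS: Dict[str, Callable[[ET.Element], bool]] = {
    "UsernameToken": has_username_token,
    "Signature": has_signature,
    "Encryption": has_encryption,
}


def _evaluate(node: ET.Element, env: ET.Element) -> bool:
    name = _local(node.tag)
    if name in ("Policy", "All"):
        return all(_evaluate(child, env) for child in node)
    if name == "ExactlyOne":
        return any(_evaluate(child, env) for child in node)
    if name in ASSERTIONS:
        return ASSERTIONS[name](env)
    raise ValueError(f"unknown policy assertion: {name}")


def enforce(policy_xml: str, message_xml: str) -> bool:
    """True if the message satisfies the policy, False if it must be rejected."""
    return _evaluate(ET.fromstring(policy_xml), ET.fromstring(message_xml))


def failed_assertions(policy_xml: str, message_xml: str) -> List[str]:
    """Leaf assertions the message does not satisfy, for the fault text.
    With ExactlyOne alternatives, not every listed assertion has to pass."""
    env = ET.fromstring(message_xml)
    return [_local(n.tag) for n in ET.fromstring(policy_xml).iter()
            if _local(n.tag) in ASSERTIONS and not ASSERTIONS[_local(n.tag)](env)]


# Constructed policy: require both a username token and a digital signature.
POLICY = """<wsp:Policy xmlns:wsp="http://www.w3.org/2006/07/ws-policy">
  <wsp:All>
    <UsernameToken/>
    <Signature/>
  </wsp:All>
</wsp:Policy>"""

# Constructed policy: either a username token or a signature is acceptable.
ALT_POLICY = POLICY.replace("wsp:All", "wsp:ExactlyOne")


def soap_message(security_children: str) -> str:
    """Build a constructed SOAP 1.1 envelope with the given WS-Security content."""
    return f"""<soap:Envelope xmlns:soap="{NS['soap']}">
  <soap:Header>
    <wsse:Security xmlns:wsse="{NS['wsse']}" xmlns:ds="{NS['ds']}">{security_children}</wsse:Security>
  </soap:Header>
  <soap:Body><getQuote>IBM</getQuote></soap:Body>
</soap:Envelope>"""


USERNAME = "<wsse:UsernameToken><wsse:Username>alice</wsse:Username></wsse:UsernameToken>"
SIGNATURE = "<ds:Signature><ds:SignatureValue>constructed</ds:SignatureValue></ds:Signature>"
SIGNED_MSG = soap_message(USERNAME + SIGNATURE)
TOKEN_ONLY_MSG = soap_message(USERNAME)

if __name__ == "__main__":
    print(enforce(POLICY, SIGNED_MSG), enforce(POLICY, TOKEN_ONLY_MSG))
    print(failed_assertions(POLICY, TOKEN_ONLY_MSG))
```

On the appliance the same policy would be attached to the Web Service Proxy and the signature itself verified by a Verify action; this model only decides whether the message carries what the policy demands.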



Section 6 - Troubleshooting and Tuning (13%)

a. Resolve network connectivity problems.
b. Perform and analyze packet captures.
c. Configure Log Targets for analysis and alerting.
d. Configure event triggers.
e. Analyze and interpret system logs.
f. Debug message flows using the Probe.
g. Configure a service for transaction logging.
h. Configure the appliance to manage memory usage.
i. Configure the appliance for network optimization. [Static route table]
j. Use status providers and built-in capabilities to perform analysis and troubleshooting.
k. Configure caching on a service.



Packet Capture
Generates a PCAP file
Use Wireshark (Ethereal) or other PCAP tool to analyze the results.


Event Triggers
You can use the event triggers to automatically run commands when specific messages are logged. Typical usage would be to generate an error report when a rarely observed but recurring message is logged.

You can define event triggers for a variety of situations:
- Starting and stopping a packet capture.
- Creating an error report when a discrete service encounters a problem.
- Using a custom message.


Network Connectivity


Preparation suggestions - repeated

1. Work through the "Discovering the value of IBM WebSphere DataPower SOA Appliances" labs and study the excellent lab notes.
2. Take the two classes if you can: "Accelerate, Secure and Integrate with IBM DataPower V7.1" and "Administration of IBM WebSphere DataPower Gateway V7".
3. Use the following resources as you go through each section's objective list:
   - Test preparation tab, Web Resource listed by topic: search the hyperlinked terms.
   - DataPower v7.1 Knowledge Center: the official product documentation.
4. Take the Sample / Assessment Test if you have not taken the certification test yet. There are only 6 questions, which can give you a sense of the format of the real test, and it provides the answers.
5. Take notes. Study your notes prior to taking the exam.


The test
- Contains questions requiring single and multiple answers
  - For multiple-answer questions, you need to choose all required options to get the answer correct
  - You will be advised how many options make up the correct answer
- Is designed to provide diagnostic feedback on the Examination Score Report
  - Correlating back to the test objectives
  - Informing the test taker how they did on each section of the test
- Questions and answers are not distributed


Tips for passing the test


Taking the Test
Some questions are very tricky while others are very straightforward.
Try not to get discouraged and return to the more difficult questions if
time permits.
Remember that a score of 63% is enough to pass.
Afterwards
If you pass, celebrate!
If not, record questions that you missed
Find answers you missed in the Knowledge Center or other sources and
schedule to take the test again soon.


bbarrus@us.ibm.com


Backup


Foundational Technologies
a. Identify the characteristics of TCP/IP networking.
b. Identify the characteristics of Public Key Infrastructure (PKI).
c. Describe how SSL transport encryption and endpoint authentication works.
d. Identify the characteristics of an XML message, SOAP message and JSON message.
e. Identify the characteristics of XSLT, XPath expressions, XSD and WSDL.
f. Identify basic message-level security concepts.
g. Identify the characteristics of attachments in web services.
h. Describe the characteristics of messaging systems such as WebSphere MQ and JMS.
i. Identify the characteristics of Web 2.0 services.


SSL Handshake
Message flow between the SSL Client and the SSL Server:
(1) Client -> Server: Client Hello, cipher suites supported, version supported
(2) Server -> Client: Server Hello, cipher suite selected, server certificate, client certificate request (optional)
(3) Client: verify server certificate; check the cryptographic cipher suite selected by the server
(4) Client -> Server: client key exchange, send secret key (encrypted with server public key)
(5) Client -> Server: send client certificate (optional)
(6) Server: verify client certificate (optional)
(7) Client Finish
(8) Server Finish
(9) Exchange messages (encrypted)
Reference: More on SSL handshake

SSL Object Hierarchy and underlying PKI integration

The Crypto Identification Credential object is used when providing an identity to connecting clients. When a client connects, it requests a certificate. The crypto ID credential references which certificate should be returned to the client. It also references a private key which is used by SSL.
A Crypto Validation Credential can be used when verifying a digital signature when the signer may be one of many different business partners. With a crypto validation credential (often referred to as a valcred), you can create a single processing rule with a single signature verification action that will accommodate countless public certificates.
The Crypto Profile object ties together a Crypto ID credential and a Crypto Validation credential.
The SSL Proxy Profile provides some protocol-specific options and references a crypto profile. The SSL Proxy Profile thus contains every bit of information needed to establish one- or two-way SSL handshaking.


XML Example
The test is focused on examples. Here is an example from w3schools.com, taken from the XPath section.
<?xml version="1.0" encoding="ISO-8859-1"?>
<bookstore>
<book category="WEB">
<title lang="en">XQuery Kick Start</title>
<author>James McGovern</author>
<author>Per Bothner</author>
<author>Kurt Cagle</author>
<author>James Linn</author>
<author>Vaidyanathan Nagarajan</author>
<year>2003</year>
<price>49.99</price>
</book>
<book category="WEB">
<title lang="en">Learning XML</title>
<author>Erik T. Ray</author>
<year>2003</year>
<price>39.95</price>
</book>
</bookstore>


XSLT
XSLT is used to transform an XML document into another XML document, or another
type of document that is recognized by a browser, like HTML and XHTML. Normally
XSLT does this by transforming each XML element into an (X)HTML element.

With XSLT you can add/remove elements and attributes to or from the output file. You
can also rearrange and sort elements, perform tests and make decisions about which
elements to hide and display, and a lot more.

In the transformation process, XSLT uses XPath to define parts of the source document
that should match one or more predefined templates. When a match is found, XSLT will
transform the matching part of the source document into the result document.

Refer to: http://www.w3schools.com/xsl/xsl_intro.asp for more information.


XPath
XPath is a specification for describing a location within an XML document.
- Shared by many XML-based standards/technologies
- Used by XSLT, XPointer, and XQuery

Allows you to address elements of a document that meet specified criteria.
- Example: in XML for a book on Java, find the chapters with JDBC in the title

Provides the ability to retrieve a subset of an XML document in any direction.
- Forwards, backwards or sideways

Expression shortcuts
- //element selects every element with that name regardless of location
- . selects the current node
- .. selects the parent of the current node
- @attribute-name selects an attribute
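As an added example (not from the page or from w3schools), here the shortcuts above are applied to the bookstore document from the XML Example slide using Python's ElementTree, which implements a limited XPath subset. The example also shows the defensive side of the "XPath injection" item on the threat-protection slide: a caller-supplied value is validated before it is placed inside a quoted XPath literal. The document is constructed from the two books shown on that slide.

```python
"""Apply the XPath shortcuts from the slide to the bookstore document.

Added example, not from the page or from w3schools. ElementTree implements
a limited XPath subset (//, ., .., [@attr=...] and [.=...] predicates), so
every expression here stays within that subset. The document below is
constructed from the two books on the XML Example slide.
"""
import re
import xml.etree.ElementTree as ET
from typing import Dict, List

BOOKSTORE_XML = """<bookstore>
  <book category="WEB">
    <title lang="en">XQuery Kick Start</title>
    <author>James McGovern</author>
    <author>Per Bothner</author>
    <author>Kurt Cagle</author>
    <author>James Linn</author>
    <author>Vaidyanathan Nagarajan</author>
    <year>2003</year>
    <price>49.99</price>
  </book>
  <book category="WEB">
    <title lang="en">Learning XML</title>
    <author>Erik T. Ray</author>
    <year>2003</year>
    <price>39.95</price>
  </book>
</bookstore>"""

ROOT = ET.fromstring(BOOKSTORE_XML)

# Characters permitted inside a quoted XPath string literal built from input.
_SAFE_LITERAL = re.compile(r"^[A-Za-z0-9 ._-]+$")


def safe_literal(value: str) -> str:
    """Reject quotes, brackets and other syntax before interpolating a value.
    Unchecked input such as  WEB' or '1'='1  would change the shape of the
    expression (XPath injection); refusing it keeps the query fixed."""
    if not _SAFE_LITERAL.match(value):
        raise ValueError(f"unsafe value for XPath literal: {value!r}")
    return value


def all_titles(root: ET.Element) -> List[str]:
    """//title : every title element regardless of where it sits."""
    return [t.text for t in root.findall(".//title")]


def titles_in_category(root: ET.Element, category: str) -> List[str]:
    """book[@category='...']/title : attribute predicate, then a child step."""
    expr = f"book[@category='{safe_literal(category)}']/title"
    return [t.text for t in root.findall(expr)]


def books_by_author(root: ET.Element, author: str) -> List[str]:
    """//author[.='...']/.. : find the author node, then step up to its book."""
    expr = f".//author[.='{safe_literal(author)}']/.."
    return [book.findtext("title") for book in root.findall(expr)]


def title_languages(root: ET.Element) -> Dict[str, str]:
    """./book/title then @lang : read an attribute of each selected node."""
    return {t.text: t.get("lang") for t in root.findall("./book/title")}


if __name__ == "__main__":
    print(all_titles(ROOT))
    print(books_by_author(ROOT, "Kurt Cagle"))
    print(title_languages(ROOT))
```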

