1 Solution Implementation
Number of questions: 71
Time allowed: 2 hours
Required passing score: 63%
Test language: English
http://www.ibm.com/certify/tests/ovrC2180-416.shtml
Preparation suggestions
1. Work through the "Discovering the value of IBM WebSphere DataPower SOA Appliances" labs and study the excellent lab notes.
2. Take the two classes if you can: "Accelerate, Secure and Integrate with IBM DataPower V7.1" and "Administration of IBM WebSphere DataPower Gateway V7".
3. Use the following resources as you go through each section's objective list: the Test preparation tab (Web Resources listed by topic; search the hyperlinked terms) and the DataPower v7.1 Knowledge Center, the official product documentation.
4. Take the Sample / Assessment Test if you have not taken the certification test yet. There are only 6 questions, which can give you a sense for the format of the real test, and it provides the answers.
5. Take notes as we step through the remaining slides to help direct your focus of study. Study your notes prior to taking the exam.
a. Select the appropriate IBM DataPower Gateway modules and form factors based on specified use cases.
b. Select the appropriate usage scenarios such as load balancing and redundancy for High Availability.
c. Select the appropriate DataPower service type for a given use case scenario. [Architectural design patterns, Chapter 2]
d. Select the appropriate message type and/or message exchange pattern based on use case scenarios [SOAP, XML, JSON, Pass-Thru and Non-XML]. [Architectural design patterns, Chapter 2]
e. Identify integration capabilities between DataPower and other products. [for example: MQ, SQL, WSRR, WTX, and especially front side handlers]
h. Identify the implications of enabling Common Criteria mode during the appliance initialization process.
j. Configure a service and associated DataPower objects using the WebGUI, CLI and XML Management Interface.
k. Identify, configure, and deploy use case patterns via the Blueprint Console.
IBM DataPower Gateway is the new name of a consolidated, extensible & modular platform. It converges three existing products, XG45 / XI52 / XB62, into a single modular offering, available in physical (Physical Appliance) and virtual (Virtual Edition) form factors.
Modules: ISAM Proxy Module, Integration Module, B2B Module, AO (Application Optimization) Module, TIBCO EMS Module. All software modules are field upgradeable. Supports V7.1 & above.
Modules
B2B Module
TIBCO EMS Module
Application Optimization Module: frontend self-balancing; backend intelligent load distribution; session affinity; z Sysplex Distributor integration
Integration Module
Capabilities: authentication, authorization; security token translation; service / API virtualization; threat protection; message validation; message filtering; message digital signature; message encryption; AV scanning integration
Integrate (deployment diagram): DataPower Gateway deployed in the DMZ and in the Trusted Domain, between Consumers and the Application or Service / Middleware. Gateway roles shown: Mobile Gateway, API Gateway, Web Gateway, B2B Partner Gateway (Trading partners), z System / Legacy Integration.
© 2015 IBM Corporation
Processing Policy
A service defines a single policy. The policy is enforced through rules.
Processing actions: a rule defines one or more actions taken on the submitted message.
Processing Rules
Rules have the following directions:
Matching Rule
A match action allows you to provide different processing based on matching conditions.
Processing Actions
A rule consists of multiple processing actions, each with a scope. Actions such as transformation or validation execute during the request or response rule (if any). Contexts or defined variables within the scope are used to pass information between actions.
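The policy → rule → action model described above, as an added example that is not part of the original slides or of the DataPower product: a small Python simulation in which a match action (URL glob) selects a rule, each action reads one named context and writes another, and variables in the style of var://context/... and var://service/error-message carry information between actions. The action set (well-formedness validation, an XPath filter, an account-masking transform), the policy and the sample messages are constructed for the example; a real appliance offers many more action types and schema validation.

```python
import fnmatch
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple


class RuleError(Exception):
    """Raised by an action to stop the rule and reject the message."""


@dataclass
class Context:
    # Named contexts hold payloads (INPUT, OUTPUT and intermediates); variables mimic
    # var://context/... and var://service/... values shared between actions.
    data: Dict[str, bytes] = field(default_factory=dict)
    variables: Dict[str, str] = field(default_factory=dict)


@dataclass
class Action:
    name: str
    input: str                                # context the action reads
    output: str                               # context the action writes
    run: Callable[[bytes, Context], bytes]    # returns the payload for the output context


@dataclass
class Rule:
    direction: str      # "request" or "response"
    url_match: str      # match action: glob on the request URL, e.g. "/orders/*"
    actions: List[Action]


def validate_wellformed(payload: bytes, ctx: Context) -> bytes:
    ET.fromstring(payload)  # raises ParseError; a real Validate action would also check a schema
    ctx.variables["var://context/policy/validated"] = "true"
    return payload


def filter_requires(xpath: str) -> Callable[[bytes, Context], bytes]:
    # Filter action: reject the message unless the XPath selects something.
    def run(payload: bytes, ctx: Context) -> bytes:
        if ET.fromstring(payload).find(xpath) is None:
            raise RuleError(f"required element {xpath} missing")
        return payload
    return run


def mask_account(payload: bytes, ctx: Context) -> bytes:
    # Transform action: redact account numbers and record how many were masked for auditing.
    root = ET.fromstring(payload)
    masked = 0
    for el in root.iter("account"):
        el.text = "****"
        masked += 1
    ctx.variables["var://context/audit/masked-fields"] = str(masked)
    return ET.tostring(root)


def process(policy: List[Rule], direction: str, url: str, payload: bytes) -> Tuple[str, Context]:
    """Run the first rule whose direction and match condition fit the message (first match wins)."""
    ctx = Context({"INPUT": payload})
    rule = next((r for r in policy
                 if r.direction == direction and fnmatch.fnmatchcase(url, r.url_match)), None)
    if rule is None:
        ctx.variables["var://service/error-message"] = "no matching rule"
        return "rejected", ctx
    try:
        for action in rule.actions:
            ctx.data[action.output] = action.run(ctx.data[action.input], ctx)
    except (RuleError, ET.ParseError) as exc:
        ctx.variables["var://service/error-message"] = f"{action.name}: {exc}"
        return "rejected", ctx
    return "ok", ctx


# Constructed policy: orders are validated, filtered and masked; everything else is only validated.
POLICY = [
    Rule("request", "/orders/*", [
        Action("validate", "INPUT", "PIPE", validate_wellformed),
        Action("filter", "PIPE", "PIPE", filter_requires(".//account")),
        Action("mask", "PIPE", "OUTPUT", mask_account),
    ]),
    Rule("request", "*", [Action("validate", "INPUT", "OUTPUT", validate_wellformed)]),
]
```

Rule order matters exactly as it does on the appliance: the catch-all `*` rule must come last, or the order-specific rule is never reached.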
g. Perform tasks using the appliance's administrative interfaces (CLI, WebGUI, XML Management).
h. Manage appliance firmware versions.
i. Manage and back up certificates and keys, including the use of the Hardware Security Module (HSM).
Group-defined
The group-defined account type establishes this user as a member of a user group.
Privileged
The privileged account type provides this user with access to the entire resource
suite from the WebGUI and CLI on a domain-by-domain basis. Users with privileged
access can configure and can monitor all appliance operations.
User
The user account type provides this user with access to view configuration details to
most, but not all, objects.
address/domain/resource?Access=privileges&[field=value]
The address (appliance address), domain (application domain), and resource (e.g. change-password, radius) fields must be fully specified or specified with an asterisk (*). An asterisk matches all values.
The privileges string consists of the individual permission symbols separated by the plus sign (+). For example, the string a+d+x+r+w represents add, delete, execute, read, and write permissions.
The field token must be one of the additional fields that can be added to the string, e.g. Name, LocalAddress, LocalPort. The corresponding value can be a PCRE.
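A parser and evaluator for access-profile strings in the format above, added here as an example (it is not IBM code and does not reproduce the appliance's own evaluation rules). It rejects malformed profiles and unknown permission symbols, treats `*` as the wildcard for the three path segments, matches the extra fields against their PCRE with Python's `re`, and grants a permission if any matching profile carries it (union semantics, an assumption of this example). The resource names, addresses and object attributes in the sample policy are constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Mapping, Optional

# Permission symbols that may appear in the Access= part of a profile string.
PERMISSIONS = {"a": "add", "d": "delete", "x": "execute", "r": "read", "w": "write"}


@dataclass(frozen=True)
class AccessProfile:
    address: str                 # appliance address or "*"
    domain: str                  # application domain or "*"
    resource: str                # resource, e.g. "access/change-password", or "*"
    privileges: FrozenSet[str]   # subset of PERMISSIONS keys
    fields: Mapping[str, str]    # additional field -> PCRE, e.g. {"Name": "^dev-.*"}


def parse_profile(text: str) -> AccessProfile:
    """Parse address/domain/resource?Access=privs&field=pcre into an AccessProfile."""
    path, sep, query = text.partition("?")
    if not sep:
        raise ValueError(f"missing '?Access=' in {text!r}")
    parts = path.split("/", 2)   # the resource itself may contain '/'
    if len(parts) != 3 or not all(parts):
        raise ValueError(f"address, domain and resource must all be given in {text!r}")
    address, domain, resource = parts
    privileges: Optional[FrozenSet[str]] = None
    fields: Dict[str, str] = {}
    # Not urllib.parse.parse_qsl: it would turn the '+' separators into spaces.
    for pair in query.split("&"):
        key, eq, value = pair.partition("=")
        if not eq:
            raise ValueError(f"malformed parameter {pair!r} in {text!r}")
        if key == "Access":
            privileges = frozenset(filter(None, value.split("+")))
        else:
            re.compile(value)    # fail early on an invalid PCRE
            fields[key] = value
    if privileges is None:
        raise ValueError(f"Access= parameter is required in {text!r}")
    unknown = privileges - set(PERMISSIONS)
    if unknown:
        raise ValueError(f"unknown permission symbols {sorted(unknown)} in {text!r}")
    return AccessProfile(address, domain, resource, privileges, fields)


def _segment_matches(pattern: str, value: str) -> bool:
    # Address, domain and resource are either fully specified or "*".
    return pattern == "*" or pattern == value


def profile_matches(profile: AccessProfile, address: str, domain: str, resource: str,
                    attributes: Mapping[str, str]) -> bool:
    if not (_segment_matches(profile.address, address)
            and _segment_matches(profile.domain, domain)
            and _segment_matches(profile.resource, resource)):
        return False
    # Every extra field in the profile must be present on the object and match its PCRE.
    # fullmatch is this example's choice; anchor patterns explicitly when in doubt.
    for name, pcre in profile.fields.items():
        value = attributes.get(name)
        if value is None or re.fullmatch(pcre, value) is None:
            return False
    return True


def is_allowed(profiles: Iterable[AccessProfile], permission: str, address: str, domain: str,
               resource: str, attributes: Optional[Mapping[str, str]] = None) -> bool:
    """Grant if any matching profile carries the permission (union semantics, see lead-in)."""
    if permission not in PERMISSIONS:
        raise ValueError(f"unknown permission {permission!r}")
    attributes = attributes or {}
    return any(permission in p.privileges and profile_matches(p, address, domain, resource, attributes)
               for p in profiles)


# Constructed sample policy: read everywhere, change own password, full control of
# dev-* firewalls in the default domain, execute on firewalls listening on 8080/8443.
EXAMPLE_POLICY = [parse_profile(s) for s in (
    "*/*/*?Access=r",
    "*/*/access/change-password?Access=x",
    "*/default/services/xmlfirewall?Access=a+d+x+r+w&Name=^dev-.*",
    "*/default/services/xmlfirewall?Access=x&LocalPort=^(8080|8443)$",
)]
```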
File Management
Application Domains
Devices and Environment
Load Balancers, Active/Active, Active/Standby Configuration
Network Objects: Host Alias, Static Hosts, DNS Settings
Reference: http://www.ibm.com/developerworks/websphere/library/techarticles/0801_rasmussen/0801_rasmussen.html
A secure restore does not merge data. The restore deletes all private data (certificates,
keys, and user data) that is currently on the target appliance.
Reference: InfoCenter Managing Disaster Recovery
Administration Interfaces
CLI
Select Network → Management → SSH Service to display the SSH Service Configuration (Main) screen.
Telnet
Select Network → Management → Telnet Service to display the Telnet Service catalog. Telnet carries credentials and commands in cleartext; leave it disabled and use SSH.
WebGUI
Access to the appliance via the WebGUI is supported by a dedicated HTTPS server that you configured during the initial appliance configuration process.
WSDM interface
When enabled, this implementation provides a protocol-specific interface for managing Web Service endpoints that were instantiated on the appliance through Web Service Proxy objects.
j. Configure the use of a security server such as IBM Security Access Manager (ISAM), SAML and LDAP.
k. Identify the implications of enabling the FIPS 140-2 Level Compliance modes.
Security Terminology
Authentication verifies the identity of a client.
Authorization decides a client's level of access to a protected resource.
Integrity ensures that a message has not been modified while in transit. A cryptographic hash over the message lets the receiver detect tampering, provided the hash itself is protected (by a digital signature or a keyed MAC); a bare hash can simply be recomputed by whoever altered the message.
Confidentiality ensures that the contents of a message are kept secret. DataPower supports message- and field-level encryption, so that nobody without the appropriate decryption key can read the payload.
Non-repudiation lets a party prove that a message was sent by the stated originator (or received by the stated recipient), so that neither side can later deny it. Digital signatures provide this: only the holder of the signing private key could have produced the signature.
Securing data in flight: DataPower protects data in transit with SSL/TLS (HTTPS, FTPS, MQ over TLS) and SSH (SFTP).
Auditing maintains records that hold clients accountable for their actions.
Digitally sign the SOAP XML document, providing integrity and signer authentication.
XML Canonicalization: the signed content is canonicalized (C14N) before it is digested, so that equivalent serializations of the same XML (different attribute order, quoting or insignificant whitespace) produce the same digest. The signature then survives re-serialization by intermediaries while still detecting real changes to the content.
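The integrity and canonicalization points above, as an added example (not from the original slides or from IBM): the same SOAP body serialized two ways hashes differently as raw bytes but identically after C14N, so a signature computed over the canonical form still verifies after re-serialization, while a changed amount is detected. The standard library's `xml.etree.ElementTree.canonicalize` (Python 3.8+, C14N 2.0) stands in for the Exclusive C14N 1.0 a WS-Security deployment would typically use, and an HMAC-SHA256 with a constructed shared key stands in for the asymmetric XML-DSig signature, since the standard library has no RSA; the normalization-then-digest idea is the same. The messages and key are constructed.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample: a SOAP request as first serialized by the sender.
ORIGINAL = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <transfer currency="EUR" account="4711">
      <amount>100.00</amount>
    </transfer>
  </soap:Body>
</soap:Envelope>
"""

# Same infoset re-serialized by an intermediary: attribute order, quoting and
# whitespace differ, so the raw bytes differ but the canonical form must not.
RESERIALIZED = ("<soap:Envelope xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/'>"
                "<soap:Body><transfer account=\"4711\" currency=\"EUR\">"
                "<amount>100.00</amount></transfer></soap:Body></soap:Envelope>")

# A tampered copy: one digit of the payload changed.
TAMPERED = ORIGINAL.replace("100.00", "900.00")

# Constructed key; HMAC stands in for the asymmetric signature (see lead-in).
KEY = b"shared-demo-key-not-for-production"


def canonical_bytes(xml_text: str) -> bytes:
    # C14N 2.0 via the standard library: sorts attributes, normalizes quoting and
    # namespace declarations; strip_text drops insignificant whitespace between elements.
    return ET.canonicalize(xml_text, strip_text=True).encode("utf-8")


def raw_digest(xml_text: str) -> str:
    """Digest over the bytes as received: breaks on any re-serialization."""
    return hashlib.sha256(xml_text.encode("utf-8")).hexdigest()


def canonical_digest(xml_text: str) -> str:
    """Digest over the canonical form: stable across equivalent serializations."""
    return hashlib.sha256(canonical_bytes(xml_text)).hexdigest()


def sign(xml_text: str, key: bytes) -> str:
    return hmac.new(key, canonical_bytes(xml_text), hashlib.sha256).hexdigest()


def verify(xml_text: str, key: bytes, signature: str) -> bool:
    # Constant-time comparison; never compare MACs or signatures with ==.
    return hmac.compare_digest(sign(xml_text, key), signature)
```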
AAA policy (diagram): input → Extract Identity → Authenticate → Map Identity → Extract Resource → Map Resource → Authorize → Audit & Post-Process → output
Authenticate methods: LDAP; System/z NSS (RACF, SAF); Tivoli Access Manager; Kerberos; WS-Trust; Netegrity SiteMinder; RADIUS; SAML; LTPA; Verify Signature; Custom
Extract Resource methods: URL; SOAP Operation; HTTP Operation; Custom
Authorize methods: LDAP; ActiveDirectory; System/z NSS; Tivoli Access Manager; SAML; XACML; Custom
Post-Process options: Add WS-Security; Generate z/OS ICRX Token; Generate Kerberos; Generate SAML; Generate LTPA; Map Tivoli Federated Identity
Threats addressed by threat protection (diagram): Message/data tampering; Message snooping; XML Flood; Resource Hijack; XML encapsulation; Dictionary Attack; XML virus; Replay Attack
d. Configure a service for integration with messaging systems such as IBM MQ.
e. Configure a service to transform XML and Non-XML messages. [transformation using the Transform actions for v7.1]
l. Configure services that support portability between environments. [see next slide]
Monitors
Monitors provide constant feedback on messages that flow through the appliance. You can configure monitors to generate log messages at a given log level after reaching a count or latency threshold or other event trigger. Monitors can also throttle (reject) or shape (delay) traffic after reaching a count or latency threshold or other event trigger.
Count Monitors
Increment a counter every time a message of a particular type passes through a service.
Duration Monitors
Increment a counter every time a configured amount of time passes during the processing of messages of a particular type.
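The count and duration monitors described above, as an added example (not IBM code and not a reproduction of the appliance's monitor objects): a sliding-window count monitor grouped by "message type" (here the client IP) that notifies, shapes (returns a delay) or rejects once the threshold for the interval is exceeded, and a simplified duration monitor that fires when observed processing time exceeds its threshold. Timestamps come from a simulated clock so the run is deterministic; the traffic (a burst of eight requests from one client, two from another) is constructed.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Callable, Deque, Dict, List, Tuple


@dataclass
class Message:
    time: float              # arrival time in seconds on a simulated clock
    client: str              # client IP
    uri: str
    latency_ms: float = 0.0  # observed back-end processing time, for the duration monitor


Decision = Tuple[str, float]   # ("allow" | "reject", delay in seconds to apply when shaping)


@dataclass
class CountMonitor:
    name: str
    message_type: Callable[[Message], str]   # groups messages into a type, e.g. by client IP
    interval: float                          # window length in seconds
    threshold: int                           # messages permitted per window and type
    action: str                              # "notify", "shape" or "reject"
    shape_delay: float = 0.5                 # delay per excess message when shaping
    log: List[str] = field(default_factory=list)
    _windows: Dict[str, Deque[float]] = field(default_factory=lambda: defaultdict(deque))

    def observe(self, msg: Message) -> Decision:
        key = self.message_type(msg)
        window = self._windows[key]
        window.append(msg.time)
        while window[0] <= msg.time - self.interval:   # drop arrivals outside the window
            window.popleft()
        if len(window) <= self.threshold:
            return "allow", 0.0
        self.log.append(f"{self.name}: {key} exceeded {self.threshold}/{self.interval}s at t={msg.time:.2f}")
        if self.action == "reject":
            return "reject", 0.0
        if self.action == "shape":
            return "allow", self.shape_delay
        return "allow", 0.0   # notify: log only, traffic passes


@dataclass
class DurationMonitor:
    name: str
    message_type: Callable[[Message], str]
    threshold_ms: float      # processing time above which the monitor fires
    action: str              # "notify" or "reject"
    log: List[str] = field(default_factory=list)

    def observe(self, msg: Message) -> Decision:
        if msg.latency_ms <= self.threshold_ms:
            return "allow", 0.0
        self.log.append(f"{self.name}: {self.message_type(msg)} took {msg.latency_ms:.0f} ms "
                        f"(threshold {self.threshold_ms:.0f} ms)")
        return ("reject", 0.0) if self.action == "reject" else ("allow", 0.0)


def run(monitor, messages: List[Message]) -> List[Tuple[str, str, float]]:
    """Feed messages in arrival order; returns (client, verdict, delay) for each."""
    results = []
    for msg in sorted(messages, key=lambda m: m.time):
        verdict, delay = monitor.observe(msg)
        results.append((msg.client, verdict, delay))
    return results


# Constructed traffic: 10.0.0.9 sends 8 requests in 0.7 s; 10.0.0.5 sends 2, one of them slow.
TRAFFIC = [Message(0.1 * i, "10.0.0.9", "/orders") for i in range(8)] + [
    Message(0.35, "10.0.0.5", "/orders"),
    Message(0.65, "10.0.0.5", "/orders", latency_ms=2400.0),
]
```

With a threshold of 5 per second and action reject, the sixth, seventh and eighth requests from 10.0.0.9 are rejected while 10.0.0.5 is untouched; the same monitor with action shape lets them through with a delay instead.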
WS-Policy
The WS-Policy standard provides an XML vocabulary for Web services to describe their constraints and requirements.
Each policy consists of one or more policy assertions.
Policy assertions define the requirements of a service for a particular policy domain, for example:
Require username token
Require encryption
Require digital signature
Policy assertions do not follow any predefined format, except that they are embedded within a <Policy> element.
<wsp:Policy xmlns:wsp="http://www.w3.org/2006/07/ws-policy">
  <UsernameToken/> <!-- policy assertion -->
</wsp:Policy>
The WS-Policy specification allows you to enforce requirements that cannot be described by a WSDL file. For example, if you require all requests to be digitally signed, it is not possible to encode that requirement in a WSDL file alone.
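An enforcement check for the policy above, added as an example (not IBM code and not the appliance's WS-Policy implementation): it parses a wsp:Policy document using the namespace shown on the slide, collects every nested element that is not a wsp:* operator as an assertion, and checks a SOAP message for the evidence each assertion requires. The mapping from assertion name to evidence element is this example's own simplification of WS-SecurityPolicy (presence of wsse:UsernameToken, ds:Signature or xenc:EncryptedData, using their standard namespaces); it checks presence only, not cryptographic validity, which is the job of the Verify Signature step. Unknown assertions are reported as unmet so the check fails closed, and wsp:ExactlyOne alternatives are not modelled. The policy and messages are constructed; the signature value is a placeholder.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List

WSP = "http://www.w3.org/2006/07/ws-policy"   # namespace used on the slide
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"

# Example-specific mapping: assertion name -> element whose presence satisfies it.
# Real WS-SecurityPolicy assertions are richer (sp:SignedParts, sp:EncryptedParts, ...).
ASSERTION_EVIDENCE: Dict[str, str] = {
    "UsernameToken": f".//{{{WSSE}}}UsernameToken",
    "Signature": f".//{{{DS}}}Signature",
    "Encryption": f".//{{{XENC}}}EncryptedData",
}


def parse_assertions(policy_xml: str) -> List[str]:
    """Return the local names of all assertions in a wsp:Policy document, in document order."""
    root = ET.fromstring(policy_xml)
    if root.tag != f"{{{WSP}}}Policy":
        raise ValueError("document root is not wsp:Policy")
    # Everything nested that is not a wsp:* operator (All, ExactlyOne, ...) is an assertion.
    return [el.tag.split("}")[-1] for el in root.iter()
            if el is not root and not el.tag.startswith(f"{{{WSP}}}")]


def unmet_assertions(policy_xml: str, soap_xml: str) -> List[str]:
    """Names of assertions the message does not satisfy; empty list means the policy is met."""
    envelope = ET.fromstring(soap_xml)
    unmet = []
    for name in parse_assertions(policy_xml):
        path = ASSERTION_EVIDENCE.get(name)
        # Unknown assertion: fail closed rather than silently accepting the message.
        if path is None or envelope.find(path) is None:
            unmet.append(name)
    return unmet


# Constructed policy and messages.
POLICY = f'<wsp:Policy xmlns:wsp="{WSP}"><UsernameToken/><Signature/></wsp:Policy>'
POLICY_STRICT = (f'<wsp:Policy xmlns:wsp="{WSP}"><wsp:All><UsernameToken/><Signature/>'
                 f'<Encryption/><Kerberos/></wsp:All></wsp:Policy>')

MSG_TOKEN_ONLY = f"""<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <wsse:Security xmlns:wsse="{WSSE}">
      <wsse:UsernameToken><wsse:Username>alice</wsse:Username></wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body><getBalance account="4711"/></soap:Body>
</soap:Envelope>"""

# Same message with a (placeholder, not cryptographically valid) ds:Signature added.
MSG_SIGNED = MSG_TOKEN_ONLY.replace(
    "</wsse:Security>",
    f'<ds:Signature xmlns:ds="{DS}"><ds:SignatureValue>cGxhY2Vob2xkZXI=</ds:SignatureValue>'
    f"</ds:Signature></wsse:Security>")
```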
Packet Capture
Generates a PCAP file. Use Wireshark (formerly Ethereal) or another PCAP tool to analyze the results.
Event Triggers
You can use the event triggers to automatically run commands when
specific messages are logged. Typical usage would be to generate an
error report when a rarely observed but recurring message is logged.
Network Connectivity
The test
Contains questions requiring single and multiple answers.
For multiple-answer questions, you need to choose all required options to get the answer correct.
You will be advised how many options make up the correct answer.
bbarrus@us.ibm.com
Backup
Foundational Technologies
SSL Handshake (diagram, SSL Client and SSL Server)
(1) Client → Server: Client Hello, cipher suites supported, version supported
(2) Server → Client: Server Hello, cipher suite selected, server certificate, client certificate request (optional)
XML Example
The test is focused on examples. Here is an example from w3schools.com, taken from the XPath section.
<?xml version="1.0" encoding="ISO-8859-1"?>
<bookstore>
<book category="WEB">
<title lang="en">XQuery Kick Start</title>
<author>James McGovern</author>
<author>Per Bothner</author>
<author>Kurt Cagle</author>
<author>James Linn</author>
<author>Vaidyanathan Nagarajan</author>
<year>2003</year>
<price>49.99</price>
</book>
<book category="WEB">
<title lang="en">Learning XML</title>
<author>Erik T. Ray</author>
<year>2003</year>
<price>39.95</price>
</book>
</bookstore>
XSLT
XSLT is used to transform an XML document into another XML document, or another
type of document that is recognized by a browser, like HTML and XHTML. Normally
XSLT does this by transforming each XML element into an (X)HTML element.
With XSLT you can add/remove elements and attributes to or from the output file. You
can also rearrange and sort elements, perform tests and make decisions about which
elements to hide and display, and a lot more.
In the transformation process, XSLT uses XPath to define parts of the source document
that should match one or more predefined templates. When a match is found, XSLT will
transform the matching part of the source document into the result document.
XPath
XPath is a specification for describing a location within an XML document.
Shared by many XML-based standards/technologies
Used by XSLT, XPointer, and XQuery
Expression shortcuts
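The bookstore document from the XML Example slide queried with XPath expressions, added here as an example (not from the slides or from w3schools): it exercises the common location-path shortcuts (child `/`, descendant `//`, attribute `@`, positional `[1]` and `[last()]`, and `[child='text']` predicates) the way a Filter or Transform action would use them. It relies only on `xml.etree.ElementTree`, whose XPath support is a subset of XPath 1.0: paths must start with `.` (so `.//title`, not `//title`) and numeric comparisons such as `[price>40]` are not available, both of which the appliance's full XPath 1.0 engine does support.

```python
import xml.etree.ElementTree as ET
from typing import List

# The slide's bookstore document (first book of the w3schools original omitted, as on the slide).
BOOKSTORE = """<?xml version="1.0" encoding="ISO-8859-1"?>
<bookstore>
<book category="WEB">
<title lang="en">XQuery Kick Start</title>
<author>James McGovern</author>
<author>Per Bothner</author>
<author>Kurt Cagle</author>
<author>James Linn</author>
<author>Vaidyanathan Nagarajan</author>
<year>2003</year>
<price>49.99</price>
</book>
<book category="WEB">
<title lang="en">Learning XML</title>
<author>Erik T. Ray</author>
<year>2003</year>
<price>39.95</price>
</book>
</bookstore>
"""


def _root() -> ET.Element:
    # Feed bytes so the declared ISO-8859-1 encoding is honoured by the parser.
    return ET.fromstring(BOOKSTORE.encode("iso-8859-1"))


def select(xpath: str) -> List[str]:
    """Text content of every element the expression selects, in document order."""
    return [(el.text or "") for el in _root().findall(xpath)]


def select_attr(xpath: str, name: str) -> List[str]:
    """Value of attribute `name` on every selected element (XPath's @name step)."""
    return [el.get(name, "") for el in _root().findall(xpath)]


def price_over(limit: float) -> List[str]:
    """Titles of books priced above `limit`; the numeric test is done in Python because
    ElementTree lacks XPath's [price>limit] predicate."""
    return [book.findtext("title", "") for book in _root().findall("./book")
            if float(book.findtext("price", "0")) > limit]


# Shortcuts exercised (each paired with its result in the assertions below):
#   ./book/title                 child steps from the context node (the bookstore root)
#   .//author                    descendant-or-self: every author anywhere below
#   ./book[1]/title              first book (XPath positions start at 1)
#   ./book[last()]/price         last book
#   ./book[author='Erik T. Ray'] predicate on a child's text
#   ./book/title  + @lang        attribute selection
#   ./*/year                     wildcard element step
```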