DataPower SOA Appliance Administration, Deployment,


Front cover

DataPower SOA Appliance Administration, Deployment, and Best Practices

Demonstrates user administration and role-based management
Explains network configuration, monitoring, and logging
Describes appliance and configuration management

Gerry Kaplan
Jan Bechtold
Daniel Dickerson
Richard Kinard
Ronnie Mitra
Helio L. P. Mota
David Shute
John Walczyk

ibm.com/redbooks

International Technical Support Organization
DataPower SOA Appliance Administration, Deployment, and Best Practices
June 2011
SG24-7901-00

Note: Before using this information and the product it supports, read the information in “Notices” on page xiii.

First Edition (June 2011)

This edition applies to DataPower firmware version 3.8.2.

© Copyright International Business Machines Corporation 2011. All rights reserved.
Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.



Contents

Contact an IBM Software Services Sales Specialist
Notices
  Trademarks
Preface
  The team who wrote this book
  Now you can become a published author, too!
  Comments welcome
  Stay connected to IBM Redbooks

Chapter 1. Securing user access
  1.1 Overview
  1.2 Benefits
  1.3 Device initialization considerations
    1.3.1 Setting up the master administrator password
    1.3.2 Enabling Disaster Recovery Mode
  1.4 Access control lists
  1.5 Authentication and credential mapping
    1.5.1 Locally managed users
    1.5.2 Locally defined user groups
    1.5.3 Using local user repository for contingency
    1.5.4 Pros and cons of using the local user repository
    1.5.5 RBM policy files
    1.5.6 Remote authentication servers
    1.5.7 Single sign-on
    1.5.8 Login processing summary
  1.6 Audit logs
    1.6.1 Obtaining the audit log using CLI
    1.6.2 Copying the audit log using SOMA
  1.7 Preferred practices
  1.8 Troubleshooting

Chapter 2. Networking
  2.1 Overview
  2.2 Benefits
  2.3 Usage
    2.3.1 Network interface configuration and routing
    2.3.2 VLAN sub-interfaces
    2.3.3 Network settings
    2.3.4 Host alias, static hosts, and domain name system
    2.3.5 Routing
    2.3.6 Load balancing a back-end destination
    2.3.7 Intelligent Load Distribution
    2.3.8 Self-Balancing services
    2.3.9 Load balancer health checking
    2.3.10 Standby Control and high availability
  2.4 Preferred practices
    2.4.1 Avoid using 0.0.0.0 as a listener
    2.4.2 Separating management traffic
    2.4.3 Specify port values less than 10,000
    2.4.4 Persistent timeout consideration
    2.4.5 Disable chained persistent connections
    2.4.6 Configure network settings to be portable
    2.4.7 Multiple default gateways will create multiple default routes
    2.4.8 Standby Control preferred practices
    2.4.9 Management interface and default route
    2.4.10 Enabling “No Delay Ack” to avoid latency with other systems
    2.4.11 Streaming large messages and flow control
  2.5 Examples
    2.5.1 Externalizing endpoints in a metadata document
    2.5.2 Disabling chained persistent connections for points of a service
    2.5.3 Port speed mismatch
    2.5.4 Sample DNS workaround using static host
    2.5.5 Sample CLI commands to capture DNS server responses
    2.5.6 Verifying that Rapid Spanning Tree deployed properly for DataPower Standby Control
    2.5.7 Example of deleting routes
    2.5.8 Sample XSLT for adding DataPower transaction ID to an HTTP header for outgoing traffic

Chapter 3. Domains
  3.1 Application domains
    3.1.1 The default domain
    3.1.2 Domain use and benefits
    3.1.3 Segregating projects and LOBs
    3.1.4 Number of domains on an appliance
    3.1.5 Domain resource consumption
  3.2 Domain structure
    3.2.1 Local flash-based file system
    3.2.2 Domain configuration files
    3.2.3 Domain logging
    3.2.4 Domain monitoring
    3.2.5 Shared resources
  3.3 Domain persistence
    3.3.1 Saving configuration changes
    3.3.2 Imported domain configurations
  3.4 Usage considerations
    3.4.1 Cross-domain file visibility
    3.4.2 Domain names
    3.4.3 Restarting and resetting domains
    3.4.4 Quiescing
    3.4.5 Cleaning up orphaned objects
    3.4.6 Isolating the domain network interface
    3.4.7 Deleting domains
  3.5 Preferred practices
  3.6 Further reading

Chapter 4. Simple Network Management Protocol monitoring
  4.1 Appliance monitoring
  4.2 DataPower monitoring fundamentals
  4.3 Enabling statistics
  4.4 SNMP monitoring
    4.4.1 SNMP protocol messages
    4.4.2 Management information base (MIB) structure
    4.4.3 SNMP traps
    4.4.4 DataPower status providers
    4.4.5 SNMP security
    4.4.6 Configuring SNMP using the WebGUI
    4.4.7 Generating traps with SNMP log targets
  4.5 Monitoring via the XML management interface
    4.5.1 Requesting device status and metrics
  4.6 Appliance monitoring values
    4.6.1 General device health and activity monitors
    4.6.2 Interface utilization statistics
    4.6.3 Other network status providers
  4.7 SNMP traps
  4.8 Certificate monitoring considerations
  4.9 Preferred practices and considerations

Chapter 5. IBM Tivoli Monitoring
  5.1 IBM Tivoli Monitoring environment architecture
    5.1.1 Tivoli Management Services components
    5.1.2 IBM Tivoli Composite Application Manager
    5.1.3 IBM Tivoli Composite Application Manager for SOA
  5.2 Monitoring DataPower appliances
    5.2.1 Monitoring DataPower application-level traffic
    5.2.2 Monitoring hardware metrics and resource use
    5.2.3 IBM Tivoli Composite Application Manager for SOA DataPower agent comparisons
  5.3 Tivoli Composite Application Manager for SOA architecture
    5.3.1 IBM Tivoli Composite Application Manager for SOA agents
  5.4 Monitoring DataPower service objects
    5.4.1 Customizing for Multi-Protocol Gateway traffic monitoring
    5.4.2 Using latency logs for transaction monitoring
  5.5 Tivoli Composite Application Manager for SOA deployment scenarios
    5.5.1 Minimal deployment
    5.5.2 Multiple location, single agent deployment
    5.5.3 Multiple location, multi-agent deployment
    5.5.4 Large multiple location deployment with health monitoring
    5.5.5 Complete IBM Tivoli Composite Application Manager for SOA enterprise architecture
  5.6 IBM Tivoli Composite Application Manager for SOA and DataPower’s built-in SLM

Chapter 6. Logging
  6.1 Overview
    6.1.1 Message process logging
    6.1.2 Publish and subscribe system
    6.1.3 Log targets and log categories
    6.1.4 Storing log messages
    6.1.5 Email pager
    6.1.6 Audit logging
  6.2 Benefits
  6.3 Usage
  6.4 Event logging
    6.4.1 Create custom log categories
    6.4.2 Create log targets
    6.4.3 Create log message generators
  6.5 Transaction logging
    6.5.1 Log action
    6.5.2 Results action
  6.6 Usage considerations
  6.7 Preferred practices
    6.7.1 Set log priority levels higher in production environments
    6.7.2 Use the default domain for device-wide logging
    6.7.3 Suppress repeated log messages
    6.7.4 Employ a load balancer for critical log targets
    6.7.5 Select the appropriate syslog server
    6.7.6 Test production logging capacity before deployment
    6.7.7 Plan for confidentiality
    6.7.8 Manage multiple-log target feedback loops

Chapter 7. B2B configuration and administration
  7.1 Introduction to B2B appliances
  7.2 B2B appliance benefits
  7.3 Preferred practices
    7.3.1 Capacity planning
  7.4 Use cases
    7.4.1 Active/passive high availability use case
    7.4.2 XB60 active/active high availability use case

Chapter 8. Development life cycle
  8.1 Organizational structure
  8.2 Software development life cycle
    8.2.1 Sequential life-cycle model
    8.2.2 Iterative life-cycle model
    8.2.3 Choosing a life-cycle model
  8.3 DataPower life-cycle stages
    8.3.1 Physical installation
    8.3.2 Solution design
    8.3.3 Operational design
    8.3.4 Development
    8.3.5 Testing
    8.3.6 Deployment

Chapter 9. Configuration management and deployment
  9.1 Configuration management
    9.1.1 Revision control
    9.1.2 Parallel development
  9.2 Deployment
    9.2.1 Upgrading an existing implementation
    9.2.2 Managing environment-specific values
    9.2.3 Handling public key infrastructure material
    9.2.4 Checkpointing configurations for backing out changes
    9.2.5 Hot deployment
  9.3 Preferred practices

Chapter 10. Appliance management and automation
  10.1 Task automation
    10.1.1 The case for automation
    10.1.2 The case against automation
  10.2 Security considerations for automation
  10.3 XML management interface
    10.3.1 Authentication
    10.3.2 Appliance Management Protocol (AMP)
    10.3.3 SOAP Management Interface (SOMA)
    10.3.4 WSDM and WS-Management
  10.4 WebSphere Appliance Management Toolkit API
    10.4.1 Usage
    10.4.2 WebSphere Appliance Management Toolkit advantages
    10.4.3 Disadvantages
  10.5 Command-line interface automation
    10.5.1 Authentication
    10.5.2 Range of commands
    10.5.3 Usage
    10.5.4 Advantages of using the CLI
    10.5.5 Disadvantages of using the CLI
  10.6 WebSphere Application Server Network Deployment Appliance Manager Version 7
    10.6.1 Advantages of using the WebSphere Application Server ND Appliance Manager
    10.6.2 Disadvantages of the WebSphere Application Server ND Appliance Manager
  10.7 IBM WebSphere Appliance Management Center
  10.8 Summary

Appendix A. Custom Role-Based Management authentication and credential mapping
  Authentication phase
    Input context
    Output context
  Credential mapping phase
    Input context
    Output context
  Example: Multiple LDAP group membership
    Step 1: Authentication
    Step 2: Credential mapping
  Development considerations

Appendix B. Additional material
  Locating the Web material
  Using the Web material
    Downloading and extracting the Web material

Abbreviations and acronyms

Related publications
  IBM Redbooks publications
  Other publications
  Online resources
  Help from IBM

Index


Notices

This information was developed for products and services offered in the U.S.A.

IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to:

IBM Director of Licensing, IBM Corporation, North Castle Drive, Armonk, NY 10504-1785 U.S.A.

The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.

Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.

This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental.

COPYRIGHT LICENSE:

This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing
