
IBM WebSphere DataPower SOA Appliance Handbook

IBM Press. (c) 2008 by Bill Hines et al. Copying Prohibited.

Reprinted for Suresh Raja K, Cognizant Technology Solutions, SureshRaja.K@cognizant.com. Reprinted with permission as a subscription benefit of Skillport, http://skillport.books24x7.com/

All rights reserved. Reproduction and/or distribution in whole or in part in electronic, paper or other forms without written permission is prohibited.


Appendix A: DataPower Naming Conventions

This appendix is designed to give some insight into the naming of internal DataPower objects, as well as providing some example names that follow the guidelines. Though every enterprise will have its own internal naming conventions that must be taken into account during the process of DataPower implementation, it is almost guaranteed that those conventions will not extend to the specificity needed by the multitude of internal DataPower configuration objects. Developers and administrators also have their own preferences for case, concatenation, and abbreviation. Feel free to impose those preferences on these guidelines. This text uses CamelCase [1]; however, hyphenated (-) names, underscored (_) names, and ALL_CAPS names are also acceptable (syntactically) as DataPower object names. Use your favorite. Even if you don't agree with these conventions, it's important to follow standard naming rules in your DataPower configurations for reusability and for collaboration.

Note that the examples in this book are just that, examples. As such, they do not always follow these naming guidelines; they are designed more for demonstration purposes than for true configuration creation.

General Guidelines

These guidelines are designed for maximum reusability, from both configuration management and environment promotion perspectives. Though ideal conditions may dictate that each logical environment (development, testing, preproduction, and production) have its own DataPower device, this is sometimes not the case in real-world situations. Usually, there is a group of two or more devices in production, with an exact replica in pre-production and/or disaster recovery. Occasionally, all other environments are shared on a single device. This setup is definitely not recommended and introduces additional complexity for environment promotion. Although this is essentially a configuration management issue, it has an effect on naming conventions as well. Objects should be able to be moved from domain to domain (and device to device) with minimal manual modifications, as described in Chapter 15, Build and Deploy Techniques. Ideally, this will be a completely automated process, and the more changes that have to be made (to an XML config file, CLI script, or XML Management request), the more complicated and error-prone the process becomes. So, when in doubt, design for clarity and reusability.

The other important principle to keep in mind is functional explanation. In a clear but concise manner, an object's name should represent the functional logic of the configuration held within. It should be instantly recognizable by both you and any of your other colleagues, and when seen in context with its object type, it should represent the task it performs.

Name Changes

After an object has been created with a given name, that name cannot be easily modified. As such, make sure you get the name right the first time and verify that your name will represent the object in every environment to which it can potentially be deployed.

[1] CamelCase is the practice of concatenating capitalized words without spaces to allow for syntax requirements that disallow whitespace. This document specifically uses UpperCamelCase, in which the first letter is also capitalized.

Names

The suggested naming conventions are grouped by object or object category. Each contains the naming scheme, at least one example, and some explicative reasoning for why the naming choice has been made.

Device

There are few places where device names actually are used as an identifier (typically, servers such as syslog daemons, or as a notice on the login page). Devices usually require a name when these names will be different than their several TCP/IP hostnames (used for connectivity), and, thus, the audience for these names will sometimes be external (other than DataPower development, such as networking or security). They may be designated by personnel in other departments. These names must differentiate between multiple devices in a given environment, sometimes even between this and other nonappliance servers and routers, and may need to contain hints about physical location. As such, this is one of the least standardized names.

Reprinted for CTS/271544, Cognizant Technology Solutions

Page 2 / 7 IBM Press, International Business Machines Corporation (c) 2008, Copying Prohibited


We strongly suggest you name all of your devices by navigating to Administration → Device → System Settings in the left-side menu and choosing a System Identifier; here are a few examples:

- XmlGwDMZ01
- XS40Dev03
- DPProd17
- XI50TucsonStaging02

Application Domain

The name of an application domain depends quite a bit on your designated architecture, from device management and environment promotion perspectives. Domains can be created for a development team, a project team, or even for a single user (in a development setting). Single user and other sandbox domain names are less important than those that might travel between appliances, but their names should still be descriptive. For those domains that will be promoted between environments, even if all development is done on a single internal device, the name should contain the development group or a project name. If DataPower appliances are deployed in multiple corporate security zones, each with its own version of a domain, then the name should also reflect its eventual destination. Here are a few options:

- HRServices
- AccountServicesDMZ
- AccountServicesInternal
- NextGenInfrastructure
- JoeSmith

- MainframeServices

Service

A service name should give some indication of what is represented by the configuration. In a Web Service Proxy (WSP), this generally means the service it protects; however, WSPs can contain multiple WSDLs, each referencing a related service with unique features. In these cases, the name should be more generic, representing the full cluster of services. When built upon one or more Web services, the name will often be followed by Service or Services. For services without an existing Web service name, you should consider the full progression that might take place on a given message flowing through the device: it will enter in a particular format or protocol, be processed in some fashion, and be delivered to a backend server in another format or protocol. Your name should reflect that full path, especially if there will be a format, protocol, or message transformation involved. Here are some examples:

- ImagingService/ImagingServices
- MapHTTPToMQ
- ConvertEDIToXML
- BillingServices

- BridgeMQToEMS

What these names should not contain is the name of the environment in which the service resides. Even if this is a development environment, naming your Web Service Proxy ImagingServiceDev will only cause problems when you go to promote this environment to QA. You should always look for the balance between generality and descriptiveness; keep it general enough to move between domains and environments, while still providing clues to the processing contained therein. Services are also always grouped by type when displayed by the administrative tools, so there's no need to distinguish between ImagingServiceMPGW, ImagingServiceXMLFW, and ImagingServiceWSP; just call it ImagingService.


Service Types

These service naming criteria apply to all major service types, including XML Firewall, Multiprotocol Gateway, Web Service Proxy, Web Application Firewall, XSL Proxy, and the lesser-known services available from the left-side menus.

Processing Policy

A processing policy is tied closely to the service in which it resides, as each service can contain only one policy. As such, a processing policy usually has the same name as its service, minus any reference to the protocols being invoked. A policy can be used by multiple services, and perhaps different service types with different frontend and backend connections. For this reason, the name should focus entirely on the processing taking place within and ignore the type of service or the protocols; ConvertEDIToXML would still be a valid name because it focuses on the message format rather than the protocol, whereas MapHTTPToMQ or RouteToMQBackend are not reusable in other services and would be significantly less useful. In these cases, focus on the actions within: AddMQHeaders would be more appropriate. Note that policies within a Web Service Proxy are not named by the user.

Processing Rule

A processing rule name should be much more specific than a processing policy, as a policy can contain multiple rules that perform different tasks. These objects are named automatically according to the processing policy name if a name is not manually defined, but this simply appends a number to the policy name, such as PolicyName_rule_0. For more specificity and potential reuse, a rule should be named according to its processing logic. More importantly, the name should distinguish between the different rules contained within the same policy; you should be able to determine their functional differences without inspecting the actions therein. A rule named VirusCheckAttachments is completely distinguishable from another named StripAttachments. If the rule performs more than one major function, feel free to concatenate the important ones. Focusing on the main purpose of a processing rule will result in names such as the following:

- ProcessAttachments
- StripAttachments
- SignEncrypt

- TransformSignEncrypt

If you are not interested in taking advantage of the reusability of these processing rules, and they will appear only in the processing policy in which they've been defined, you may want to include the processing policy name as a prefix. In this case, AttachmentServiceProcessAttachments and AttachmentServiceStripAttachments could be separate rules in the AttachmentService processing policy.

Match Rule

Each processing rule begins with a match action that defines which incoming messages will be executed by that rule. Match rules are reusable, so they should be named according to their matching criteria so that they may be used appropriately and easily. These criteria can vary widely because matching can take place on headers, URLs, error codes, and even message content. The following could all be useful matching rule names:

- MatchAll
- SAMLAssertion
- BackendConnectionError
- BinarySecurityToken

Front Side Handlers

Each MPGW or WSP service can have multiple Front Side Handlers, listening for requests on various protocols. These should be named according to the service to which they are attached and should include the protocol. For Web Service Proxies, this may reference a group of services. In addition, HTTP and HTTPS listeners can include a port, but only if this port will not be modified between environments.


The port addition is especially useful when looking at a list of services or at a list of FSH within a service; the port is not shown unless you open the FSH object itself, so including the number (in an accurate and consistent manner) can save a step. Examples are as follows:

- ImagingServiceMQ
- HRServicesHttps443
- CreditServiceFTP

Keep in mind that these names can't be easily changed. If the HRServicesHttps443 Front Side Handler might be copied to another domain and modified to listen on 8443, then don't include the port number in the name!

XML Manager

Although many services can use the default XML Manager, simple changes often need to be made, such as the addition of a Load Balancer Group, modification of parser behavior, or definition of a caching policy. In these cases, you should always create a new XML Manager (don't modify the default one!) and name it after the modifications. This would result in names similar to the following:

- ParseRestrictions
- CacheDocuments
- BackendLoadBalancer

If you simply modify the default XML Manager, there is the potential to unwittingly impose those modifications on a new service that you (or someone else in the same domain) create in the future. That object is also less likely to be noticed and successfully imported when moving objects between domains or devices.

User Agent

In the same fashion that an XML Manager controls parsing and caching behavior for the incoming message, a user agent controls connection behavior between the DataPower and any backend servers. Any user agent requirements should be created in a new object (don't modify the default one!) and should be named after the modifications contained therein. This results in names similar to the following:

- InjectSOAPActions
- FTPCredentials
- ProxyServerConfig
- HTTP10Policy

AAA Policy

Within a processing rule, a AAA policy can provide access control for inbound messages. These are highly reusable, as similar input credentials, authentication/authorization methodologies, and backend token formats are likely to be used for various services. If the policy is being used for token exchange, its name should reflect the input and output token formats. BasicAuthToSAML and UsernameTokenToLTPA are both distinctive and descriptive. If the policy is simply authenticating and authorizing without producing a backend token, then you should name the policy based on the servers accepted for each. LDAPAuth and TAMAuAz would be useful in this case.

Certificate

Certificate objects on the DataPower appliance encapsulate certificate files for abstraction purposes. This allows the actual file to have a name descriptive of the environment for which it is used, while keeping the object name generic enough to be promoted to a new environment without a need for modification. The object name should describe its place in the logical architecture rather than referencing a specific hostname. A certificate imported from an internal LDAP server for LDAPS interaction should be called LDAPServer, rather than DevLDAP. WASBackend could be another server certificate, while InternalHRClient could represent a certificate used for mutual authentication to an internal HR application. XYCorpServices could represent the server certificate delivered by services.xyco.com; it is nonrepresentative of an application environment,


but still self-explanatory.

Key

Key objects are generally paired to certificate objects that will be used on the device for encryption by a partner, SSL server identification, or digital signature creation. As such, the names of objects referencing key files should be tied closely to the names of the objects referencing the certificate files with which they are paired. Because keys can be tied to multiple certificates, the common name included in a particular certificate should be excluded from the key name; aside from that, they should be exactly the same.

Identification Credential

An Identification Credential represents the pairing of a key object to a certificate object. They are then used for SSL server identification and other document encryption and decryption tasks. ID credentials should be named the same as the certificate they contain so that it is obvious which key pair they are referencing.

Validation Credential

A validation credential is used for verifying incoming certificates used for SSL mutual authentication and other cryptographic tasks. Because this object can contain multiple certificates, it is often impossible to reference them all in the object name. Focus on the group of certificate owners that need to be validated or the type of certificates expected. Sample names can be similar to the following:

- PublicCerts
- InternalCARoot
- DotNetWAS
- ApprovedExternalClients

Crypto Profile

A crypto profile provides a method for combining cryptographic objects for use in an SSL connection. The included objects depend on whether the appliance is acting as a server (backend) or a client (frontend) and whether Mutual Authentication is necessary. These two criteria, as well as an indication of the service itself, should be included in the crypto profile name. Use the service name, followed by the type of SSL (client or server), then followed by an optional MA for mutual authentication. This results in sample names such as the following:

- InternalServicesServer
- BackendServicesClient
- HRServicesServerMA

SSL Proxy Profile

An SSL proxy profile consists of either one or two Crypto Profile objects, tying those objects to a particular service as either a forward (client) SSL connection, a reverse (server) SSL connection, or a two-way (both server and client) connection. For forward or reverse SSL, the object should have the exact same name as the crypto profile it references. For two-way SSL, remove the reference to Client or Server and replace it with the phrase TwoWay. This results in a name such as HRServicesTwoWayMA.

Queuing Technologies

The general category of queuing technologies encompasses several of the different DataPower objects. These objects include the MQ Queue Manager, Tibco EMS server, and WebSphereJMS; nonmessaging server interface objects such as IMS Connect and SQL Data Source would have similar naming conventions. The same guidelines apply to each, as they all require an initial configuration of the connection to the management server; that object is then referenced in the actual connection URL or Front Side Handler. Names for these objects should reference the logical architecture rather than their physical location or application environment. Avoid server hostnames and references to development, QA, production, and datacenter names. If the queuing server will act as a bridge between two architectural zones, reference them both.


There is no need to reference the protocol itself, as these objects are each in their own lists, categorized by object. Examples are as follows:

- DMZInternet
- DMZIntranet
- InternalWASCluster
- HRMainframeApp

Log Target

Log targets represent a subscription to a set of log events that will be designated to be sent to a specific target over any one of a number of protocols. A log target name should represent the type and priority of the events to which it is subscribed, as well as the target of those events. If there are filters on the events, the object or event being filtered should be included as well. Examples can include:

- EmergencyToSNMP
- AlertToSMTP
- CertMonitorToAppSyslog
- AAAToSecuritySyslog
- HRServicesProxyErrorToFTP

Transforms (XSLT)

There are many cases in which files need to be uploaded to the device (or referenced from a remote location). There may be existing corporate naming conventions for files containing code; use those conventions where they are available. Otherwise, for XSLT stylesheet files that will be used in Transform actions, names should represent the logic inherent within. Here are some examples:

- CheckAttachment.xsl
- StripWSSecurity.xsl
- AuthorizeLDAPGroups.xsl

Filters (XSLT)

Filter files are also XSLT transformations and should also be named by logic. However, because these will be used in a Filter action, Filter should be appended to the end of the filename. An example of a filter that checks for negative inputs would be SQLInjectionFilter.xsl, while one that checks for valid inputs would be ValidFormContentsFilter.xsl.

Configuration Files (XML)

Additional XML files used for configurations, user data, and other on-board uses should be named for the data contained within. Example names could be UserRegistry.xml, RoutingTable.xml, or AAAForHR.xml.

Summary

There are many objects that can be configured on the DataPower appliance, including some that are not explicitly referenced in this chapter. As long as you keep in mind the two guiding principles for name creation, descriptiveness and reusability/portability, you should be able to extend the concepts laid out here to fit any other object on the device. The names will then become common sense, and you can create objects named HRServicesDevelopers (for a UserGroup), PerMappedCredential (for a SLM Credential Class), and EncryptSocSecNbr (for a Document Crypto Map). Following these guidelines will assist with collaboration, reuse, and easy documentation among development groups. Use them to finalize your own naming conventions that will be used and enforced in your environment.
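The guidelines in this appendix (UpperCamelCase, no environment names in promotable objects, optional ports on Front Side Handlers, Client/Server/TwoWay suffixes on crypto and SSL proxy profiles, key and ID credential names matching their certificate, Filter.xsl suffixes, and event-To-target log targets) can be checked mechanically before an object is created and its name becomes hard to change. The linter below is an added example, not code from the book or from DataPower; its object-kind labels, its list of environment tokens, and the constructed sample list are this example's own assumptions.

```python
import re
from dataclasses import dataclass

# Added example, not code from the book: a linter for proposed DataPower object names.
# Object-kind labels and the environment-token list are this example's assumptions.
UPPER_CAMEL = re.compile(r"^[A-Z][A-Za-z0-9]*$")
# Environment hints that block promotion (ImagingServiceDev); the lookahead keeps
# words such as Developers (HRServicesDevelopers) or Products from matching.
ENV_TOKEN = re.compile(r"(Dev|Test|QA|Staging|Prod)(?![a-z])")
SERVICE_TYPE = re.compile(r"(MPGW|XMLFW|WSP)$")   # admin tools already group by type
FSH_PORT = re.compile(r"(Http|Https)(\d+)$")
CRYPTO_SUFFIX = re.compile(r"(Client|Server)(MA)?$")

@dataclass
class ObjectName:
    kind: str                # device, service, fsh, cryptoprofile, sslproxy, key, idcred, filter, logtarget
    name: str
    paired: str = ""         # certificate for key/idcred; crypto profile for sslproxy
    port_fixed: bool = True  # fsh only: will the port survive environment promotion?

def check(obj: ObjectName) -> list:
    """Return the guideline violations for one proposed name (empty list = clean)."""
    problems = []
    base = obj.name[:-4] if obj.kind == "filter" and obj.name.endswith(".xsl") else obj.name
    if not UPPER_CAMEL.match(base):
        problems.append("not UpperCamelCase, or contains whitespace/punctuation")
    if obj.kind != "device" and ENV_TOKEN.search(base):   # devices may say Dev or Prod
        problems.append("embeds an environment name; it will not promote cleanly")
    if obj.kind == "service" and SERVICE_TYPE.search(base):
        problems.append("service type suffix is redundant")
    if obj.kind == "fsh" and not obj.port_fixed and FSH_PORT.search(base):
        problems.append("port may change between environments; drop it from the name")
    if obj.kind == "cryptoprofile" and not CRYPTO_SUFFIX.search(base):
        problems.append("should end with Client or Server, optionally followed by MA")
    if obj.kind == "sslproxy":
        two_way = re.sub(r"(Client|Server)(?=(MA)?$)", "TwoWay", obj.paired)
        if base not in (obj.paired, two_way):
            problems.append(f"should be {obj.paired} or {two_way}")
    if obj.kind in ("key", "idcred") and base != obj.paired:
        problems.append(f"should match its certificate object {obj.paired}")
    if obj.kind == "filter" and not obj.name.endswith("Filter.xsl"):
        problems.append("filter stylesheets end with Filter.xsl")
    if obj.kind == "logtarget" and not re.search(r"To[A-Z]", base):
        problems.append("should read <events>To<target>, as in AlertToSMTP")
    return problems

def lint(objects: list) -> dict:
    """Map each offending name to its problems; clean names are left out."""
    return {o.name: p for o in objects if (p := check(o))}

# Constructed sample mixing names the book recommends with ones it warns against.
SAMPLE = [
    ObjectName("device", "XS40Dev03"),
    ObjectName("service", "ImagingService"),
    ObjectName("service", "ImagingServiceDev"),
    ObjectName("service", "ImagingServiceWSP"),
    ObjectName("fsh", "HRServicesHttps443", port_fixed=False),
    ObjectName("sslproxy", "HRServicesTwoWayMA", paired="HRServicesServerMA"),
    ObjectName("key", "DevLDAP", paired="LDAPServer"),
    ObjectName("filter", "SQLInjection.xsl"),
    ObjectName("service", "hr services"),
]

if __name__ == "__main__":
    for name, problems in lint(SAMPLE).items():
        print(f"{name}: {'; '.join(problems)}")
```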
