ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » XML Firewall Datapower box or WMB

Post new topic  Reply to topic
 XML Firewall Datapower box or WMB « View previous topic :: View next topic » 
Author Message
TBS
PostPosted: Thu May 27, 2010 11:15 pm    Post subject: XML Firewall Datapower box or WMB Reply with quote

Centurion

Joined: 29 Jan 2007
Posts: 143
Location: Hillerød / Denmark
Hi !

In this article http://www.ibm.com/developerworks/websphere/library/techarticles/0707_storey/0707_storey.html it is recommended to use the Datapower box as a XML firewall in front of a Message broker .
Is the WMB not cable to do the same task in a flow ?

( validate the SOAP/XML structure , perform WS-Security processing, decrypt the body of the SOAP message, encrypt the message before the reply is sent to the requesting application. )
Back to top
View user's profile Send private message
elvis_gn
PostPosted: Fri May 28, 2010 1:10 am    Post subject: Reply with quote

Padawan

Joined: 08 Oct 2004
Posts: 1905
Location: Dubai
Hi TBS,

WMB can do the usual security (points which you mentioned), but it is not recommended to have your firewall and secure zone esb as the same...these need to be two layers.

Having said two layers, you can implement another layer of WMB for security too, but DataPower is a much better solution as it supports lot more security standards. Most of the security in DP is out-of-the-box and easily configurable, plus its a appliance without an OS etc...so buying hardware, upgrading OS, antivirus and worries of hacking do not apply.

It's a very good replacement for the standard load-balancers too, as it comes with Application Optimization module for intelligent load sharing.

Regards.
Back to top
View user's profile Send private message Send e-mail
mqmatt
PostPosted: Fri May 28, 2010 1:15 am    Post subject: Reply with quote

Grand Master

Joined: 04 Aug 2004
Posts: 1213
Location: Hursley, UK
Yes, Broker can do all this, it's a question of what is a better fit where...

DataPower appliances fit really well in a DMZ, because they have hardened security characteristics - DoS protection, threats against XML attacks etc.
On the other hand, Message Broker is better at processor heavy stuff and connecting back-end systems. I'd put WMB alongside those back-end systems, as I wouldn't want those applications potentially exposed through a DMZ.

In typical scenarios, DP will perform an initial routing decision, transformation or WS-Security processing on the initial point of entry in a DMZ, then send the requests onto a back-end instance of WMB for the heavy lifting.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » XML Firewall Datapower box or WMB
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.