Middleware Tech

March 30, 2010

IBM DataPower

Filed under: IBM DataPower — Vijay Nekkanti @ 7:47 am


Three products of data power family

1 . XA35 (Green )

2 . XS40 (Yellow )

3 . XI50 (Blue)


1 . Its primary function is to make XML “Go faster”.

2 . In XA35 “A” Stands for Acceleration.

3 . Data power is an optimized cashes and dedicated SSL hardware to process XML at near Wire speed.

4 . XA35 is a strong appliance, but it has a limited security .

5. It doesn’t have XML thread protection or Encryption , Digital signature capabilities.

6. Because of these reason it sits behind the DMZ , in a trusted zone and process the XML files.

A popular usage is to receive XML responses from backend servers and transform those into HTML before continuing the response to the client. It has full SSL and SNMP capabilities to fit into the network infrastructure.


1 . The Data power XS40 is called security appliance.

2 . Its yellow color represents caution or Yield. XS40 “S” Stands for Security.

3 . This is found in DMZ zone, as  its Security capabilities are excellent.

4 . XS40 has all the capabilities that XA35 has and some extra features too.

  • Encryption and decryption
  • Digital signature creation or verification
  • AAA (Authentication , authorization and auditing)
  • Full XML Threat protection


1 . XI50 is an excellent product in the market.

2 . In XI50 , “I” stands for integration

3 . Due to its integration capabilities it is often found in the backend private network, functioning in an ESB capacity but is just suitable for the DMZ.

4 . XI 50 has all the features of (XA35 +XS40+Additional features)

  • Web Sphere MQ client option
  • Web Sphere JAVA MESSAGE SERVISE (JMS) jet stream  protocol connectivity.
  • TIBCO Enterprise Message Service (EMS ) Connectivity.
  • IBM  IMS connect client.
  • Database option (DB2, Oracle, SQL Server).
  • Optimized runtime engine for non-XML  Transformation.


DMZ: demilitarized zone

A DMZ is generally the front-facing “perimeter” of a network, where client traffic enters. Because

it’s the first point of entry into your network, and hackers have access, it must be hardened.

DMZ components is to virtualize or hide the implementation details of backend servers and applications. Typical DMZ products interact only with the protocol layer of the network stack, so they can hide things like hostname/IP, ports, and URIs, whereas XML-centric application proxies such as DataPower appliances can virtualize on a much more intelligent basis and can analyze the entire message stream.

The appliance are hardened out of the box

1. They are designed with security in mind from the ground up, before anything else.

2. They are shipped secure by default; virtually every feature is disabled, including the network adapters and administrative interfaces        (except for the serial port used to do initial bootstrap). If you want something, you must turn it on!

3. They have an encrypted file system.

4. They have no Java, print services, or shareable file system.

5. They are tamper-proof—backing out the screws on the case disables the appliance.

6. They have specialized secure handling of crypto keys and certificates.


Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: