Please note that this is a very “minimum” configuration and setup. It is good enough to put into production, but you should of course also consider backup, fail-over, testing and documentation.
I would however like you to note that this is absolutely doable and there is nothing “crazy” or strange, the tools are just this good and state-of-the-art.
- Knife or scissors (that tape on the box is really tough; especially for weak IT technicians)
- USB-to-serial converter (if your laptop doesn’t have a 9-pin serial port; and if it does it’s probably time for an upgrade)
- IBM DataPower Appliance XB62 (or XB60) (Firmware 3.8.2 or above)
- A computer with the following installed:
  - Putty (the Open Source SSH client)
  - A Web-browser
  - WebSphere Transformation Extender Design Studio (8.3 or above)
- Coffee machine
So, let’s get the clock started and myself down to the server-room!
The first 10 minutes or so I will spend unboxing the IBM DataPower XB62 appliance. If you are wondering, yes, that is included in the five hours!
Just to let you know how much of a nerd I am; I always get a severely raised pulse just opening up that DataPower box and pulling out that appliance; new, shiny and full of that tremendous power… The geek-o-meter couldn’t get any higher than that!
It is generally better to run down to the server room yourself than to have the network techies do it for you. Handing a DataPower appliance to a network technician is just begging for delays… Once they realize what kind of hardware they have gotten their hands on they will spend days planning IP stack routing tables, ARP caches, default routes and all those other very confusing terms they use when they want to sound busy.
Next up is the initialization of the XB62. That is a fairly easy task if you know the parameters needed, such as IP address and DNS server, and have decided on a good and strong password prior to firing up the initialization wizard.
To run the wizard I hook my computer running Putty (the SSH client) up to the Serial port on the front of the appliance using a USB-to-serial converter.
Putty will start showing some scrambled text and after the device has booted the wizard will run. After typing in all the details I restart the XB62 to make sure the new details will stick so that I don’t have to run back down again…
I always test the appliance using the configured Ethernet port through a small network hub so that I know the IP and net-mask are fine. Before running the connection test I run the CLI command to start the WebGUI of the appliance so that I can see it when running hooked up to the box directly.
That done I can get out of that freezing server room and try to get my core-temperature back above freezing. Downing a quad-espresso on the go up the stairs normally helps a bit. (Well, yes, even though I am an IT geek of the worst kind I do take the stairs and not the elevator…).
Back at my desk I fire up my Firefox browser and open the WebGUI for the XB62 running on the default port 9090 to make sure that it works over the network.
When I have gotten this far I can forget about the DataPower box for a while. I will then start developing the WebSphere Transformation Extender (WTX) map to transform the data from EDIFACT to XML.
The message of choice for my project is an EDIFACT D.93A ORDERS message which I will transform into ebXML Order.
Here you might say that I am “cheating” to some extent as I will be using the pre-built Baseline EDIFACT WTX pack from the Baseline EDIFACT Startkit for the EDIFACT message format and the XML schema file for the ebXML Order.
The message formats in WTX are represented by something called a TypeTree. The TypeTrees are then placed in an input-card, reading the EDIFACT, and an output-card, writing the XML.
I then start creating the actual mapping between the two formats. As EDIFACT is a quite complex format to map and it requires a lot of nested objects, called functional maps in WTX, I am going to spend the major part of the five hours in WTX.
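To make the nesting concrete, here is an added example (not part of the original post and not WTX or Startkit code): a small Python reader that tokenizes an ORDERS message, checks the UNH/UNT envelope and groups each LIN with its detail segments. The sample message, the function names and the generic XML element names are all constructed for illustration; the output is not ebXML Order.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample (not a real order): minimal D.93A ORDERS, default separators.
SAMPLE = ("UNH+1+ORDERS:D:93A:UN'BGM+220+PO4711+9'DTM+137:19940315:102'NAD+BY+HUBOWNER::9'"
          "LIN+1++4000862141404:EN'IMD+F++:::Barista?'s blend'QTY+21:12'"
          "LIN+2++4000862141411:EN'QTY+21:3'UNS+S'UNT+11+1'")

def split(text, sep):
    """Split on sep, leaving characters protected by the release char '?' alone."""
    parts, cur, chars = [], "", iter(text)
    for ch in chars:
        if ch == "?":
            cur += ch + next(chars, "")   # keep the pair; unescaped at component level
        elif ch == sep:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    return parts + [cur]

def parse(message):
    """Return [(tag, [[component, ...], ...]), ...] for one message."""
    segments = []
    for raw in filter(None, (s.strip() for s in split(message, "'"))):
        elems = [[re.sub(r"\?(.)", r"\1", c) for c in split(e, ":")]
                 for e in split(raw, "+")]
        segments.append((elems[0][0], elems[1:]))
    return segments

def check_envelope(segments):
    """Raise if the UNH/UNT envelope is inconsistent; return the message type."""
    (first, unh), (last, unt) = segments[0], segments[-1]
    if (first, last) != ("UNH", "UNT"):
        raise ValueError("message must start with UNH and end with UNT")
    if int(unt[0][0]) != len(segments) or unt[1][0] != unh[0][0]:
        raise ValueError("UNT segment count or reference does not match")
    return ":".join(unh[1][:3])

def to_xml(segments):
    """Generic XML: each LIN opens a <Line> group holding its detail segments."""
    root = parent = ET.Element("Order", type=check_envelope(segments))
    for tag, elems in segments[1:-1]:
        if tag in ("LIN", "UNS"):
            parent = ET.SubElement(root, "Line") if tag == "LIN" else root
        seg = ET.SubElement(parent, tag)
        for comps in elems:
            el = ET.SubElement(seg, "e")
            for c in comps:
                ET.SubElement(el, "c").text = c
    return root
```

`ET.tostring(to_xml(parse(SAMPLE)))` shows the two `<Line>` groups; a message whose UNT count has been altered is rejected before any XML is produced.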
I am not going to bore you with any more details about the actual mapping but after close to 4 hours the map is built and tested to make sure that at least three different EDIFACT D.93A ORDERS run through fine.
In the Baseline EDIFACT Startkit there are five pre-built maps included in the pack and I can guarantee you that those are way more thoroughly tested than the map I just built. I have to keep in mind that I am supposed to finish this within five hours, right?
Once the map is tested I change the WTX runtime of it to DataPower and save the .dpa file on my drive for later use.
At this point I have spent a bit short of 4½ hours of the five, and that includes the de-icing and the espressos, of which there have been two more…
Now back again to the Web-GUI of the XB62!
I will trade with a partner that runs AS2 so I am going to set up the “Internal” partner, i.e. my own company, which is also sometimes referred to as “Hubowner”. For simplicity’s sake I am just going to call my trading partner “Partner” and my own company “Hubowner”.
Setting up trading partners in the XB62 is a walk in the park while eating a piece of cake; yes, that simple!
Before we start typing away on the partner setup I am going to create a new “Application domain”. An Application domain is like a “partition” and is isolated from any other domain. You should never ever create any objects in the default domain!
The well thought through Web-GUI makes it a no brainer (for a trained person) to remember what to put where for the partners, so I type in the name and the identifier of the partners and then scoot over to the AS settings, where I have to create the Crypto objects for the AS2 exchange as it should use signed messages with an MDN (Message Disposition Notification).
The certificates have previously been exchanged, so all the keys and the password for the private one are already lying there waiting on my hard drive. Uploading them to the DataPower box is strangely enough normally the most time-consuming task in creating the partner! :o
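What a signed exchange with an MDN lets the sender verify, shown as an added example (not from the original post and not DataPower code): the receipt must name the Message-ID that was sent, report a clean "processed" disposition, and carry a Received-Content-MIC equal to the digest of the MIME part that was signed. The function names, sample data and algorithm allow-list are assumptions, and checking the S/MIME signature on the MDN itself is left to the gateway.

```python
import base64
import email
import hashlib

ALLOWED_MICALG = {"sha1", "sha256", "sha384", "sha512"}  # assumed local policy
# Constructed sample data: the Message-ID we sent and the MIME part we signed.
SENT_ID = "<order-0001@hubowner.example>"
SIGNED_PART = b"Content-Type: application/EDIFACT\r\n\r\nUNH+1+ORDERS:D:93A:UN'UNT+2+1'"

def compute_mic(signed_part: bytes, alg: str) -> str:
    """Base64 digest over the exact bytes of the signed MIME part, headers included."""
    return base64.b64encode(hashlib.new(alg, signed_part).digest()).decode()

def check_mdn(mdn: bytes, message_id: str, signed_part: bytes) -> list:
    """Return a list of problems; an empty list means the MDN matches what we sent."""
    report = next((p for p in email.message_from_bytes(mdn).walk()
                   if p.get_content_type() == "message/disposition-notification"), None)
    if report is None:
        return ["no message/disposition-notification part"]
    body = report.get_payload()
    fields = body[0] if isinstance(body, list) else email.message_from_string(body)
    problems = []
    if (fields["Original-Message-ID"] or "").strip() != message_id:
        problems.append("MDN refers to a different Message-ID")
    disposition = (fields["Disposition"] or "").split(";")[-1].strip().lower()
    if disposition != "processed":
        problems.append(f"partner reported: {disposition or 'no disposition'}")
    mic, _, alg = (fields["Received-Content-MIC"] or "").partition(",")
    alg = alg.strip().lower().replace("-", "")
    if alg not in ALLOWED_MICALG:
        problems.append(f"missing or disallowed MIC algorithm: {alg or 'none'}")
    elif mic.strip() != compute_mic(signed_part, alg):
        problems.append("Received-Content-MIC does not match the content we signed")
    return problems

def sample_mdn(mic: str, disposition: str = "processed") -> bytes:
    """Build a constructed MDN body such as a partner's AS2 server might return."""
    return ("Content-Type: multipart/report; report-type=disposition-notification;"
            " boundary=b1\r\n\r\n--b1\r\nContent-Type: text/plain\r\n\r\n"
            "The message was received.\r\n"
            "--b1\r\nContent-Type: message/disposition-notification\r\n\r\n"
            f"Original-Message-ID: {SENT_ID}\r\n"
            f"Disposition: automatic-action/MDN-sent-automatically; {disposition}\r\n"
            f"Received-Content-MIC: {mic}, sha1\r\n\r\n--b1--\r\n").encode()
```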
After the crypto objects are created I head on to the destinations where I add an HTTPS destination for the partner. My own backside connection will go to an IBM MQ Queue Manager (which has been pre-configured) so I have to head over to the Network objects of the Web-GUI to create the Queue Manager object.
Knowing the IP, channel and name for the Queue Manager the task is a breeze and I am back in the Hubowner partner setup in half a minute or so. Continuing on the Hubowner setup I set the destination to a DataPower MQ client connection typing the MQ connection URL by heart (but there is a wizard in case you need it).
Now that the two partners are configured I need to “pair” them in a B2B Gateway. Again the GUI helps us create this in only a few minutes, selecting which partners to include in the gateway and setting up the Front Side Handler (FSH). The FSH is the listener receiving the AS2 message from the partner. In this case we need an AS2 FSH and we need to specify the IP address and port on which it should listen.
The B2B Gateway needs to know how I want to handle the B2B data, and to set that I move over to the Archive tab of the B2B Gateway and set it to “Purge only”, meaning it won’t save the messages going through. Make sure you are not “purging only” in your production environment!
For the B2B gateway to run we must set the “B2B Persistence” store. This must be done from the default domain so I am going to jump back to there and select the onboard disk (raid0) for the store.
Swapping back to my “partner domain” it is now actually ready for a “pass-through” test. This is a very good idea since if the message flows through we know that the partners are created correctly and that the XB62 is up and running and all ports have been opened by the network team.
Knowing that I now can pass the message from “Partner” through to “Hubowner” means that I not only can identify the partners but also put the message un-enveloped from AS2 onto the backside MQ queue. The only slight issue now is that the message is put on the queue as EDIFACT and not as the expected XML message.
Remember that .dpa file; the WTX map you know?
It’s time to put that in now and that is done as a transformation action in a processing policy. I am going to put the processing policy on the Hubowner in this case as it will be a generic map used by several partners.
The processing policy is created as a graphical flow of the message. In the action for transformation, “Transform binary” is an option, and when choosing that I will be presented with the option to upload a .dpa file.
There is nothing more to adding the transformation than that, as I will use a “match all” rule for this processing policy meaning that all messages passing through will get transformed.
That’s it really, there’s nothing more to it… and the time?
Well, I was poking around in the XB62 GUI for another half an hour, which puts the total at just under 5 hours, of which almost 4 were spent building the map.
This means that if you would only want a secure and fast performing B2B Gateway without any transformation I would be able to set that up for you in about an hour and a half…
The more critical reviewer might want to consider the security aspect of things, since I bypassed the network team here, right?
Well… All DataPower appliances come with all security features activated by default, so just starting it up and plugging it in means you have all the security you are ever going to need!
B2B Architect at Enfo Zystems, Sweden