In response to: Remote WebGUIIf you do access your DataPower boxes via a VNC session as described over your company VPN from remote, your traffic from VPN server to your VNC server is not encrypted. These days end-to-end encryption should be done everywhere [remote-->VPN server-->VNC server--(https)-->DataPower]. One option for this is to tunnel the VNC connection over SSH. There are many tutorials (it is really simple), this is one of them.
Last month quite some time before 184.108.40.206 firmware shipped I did coproc2gatewayscript posting here.
I made use of the fact that writing to "temporary:" folder was a possible location of a GatewayScript file.
First I was a bit frustrated, but then I realized another problem of my solution:
Also, if you look into above referenced posting, I had to make use of
in order to wait for some time (1 sec) to make sure that "temporary:///js" was written before GatewayScript action can be executed and finds the current GatewayScript file there, not a nice "hack".
The solution on how to do that was easy, just made use of Accessing XML Management interface from within a stylesheet posting.
You will have to
and that's it.
HermannSW 2700006U54 Tags:  webgui home dsl remote datapower latency vpn 1 Comment 8,009 Views
This is a followup posting on my "Remote WebGUI" posting from January:
Today is the first day we have increased bandwith at home.
Before we had 12Mbps down / 400Kbps up, which was good.
Now we have 100Mbps down / 2.5Mbps up, that is much better.
I just did open WebGUI of a Böblingen lab DataPower box through VPN into IBM network.
But this is true only if I am connected by ethernet cable -- there I do get 12MBps or 96Mbps download rate for file downloads.
If I am connected through Wifi I do only get 2.6MBps or 20.8Mbps download although I do have 54Mbps capacity.
Robert: Stefan, what do you do with the Internet, I have a bad ping.
Stefan: I do not do much with it, must be father.
Me: No, I am not doing big downloads currently.
It seems that we will not have these discussion anymore ...
HermannSW 2700006U54 Tags:  dsl datapower latency webgui remote vpn home vnc 1 Comment 8,858 Views
Even though I do have a 12Mbps DSL line at home, which allows for very fast downloads, working with WebGUI sometimes is much slower than in the office.
And that is even true when doing it at daytime when my children are at school [and do not use bandwidth for Internet games or youtube ;-)].
It seems that the added latencies for the many parts building up WebGUI make the difference.
I did find a simple solution for that -- just connect to a Linux workstation in the lab with a VNC viewer (see secreenshot below).
That workstation is connected by a 1Gbps line to the IBM network and does allow for really efficient access to my DataPower boxes
at Boeblingen lab (Germany), or to boxes in the US, at Prague or Taipei.
Connecting with VNC viewer has a second advantage -- I do have to use exactly one IBM application having Mainframe and Windows frontend only.
I just access the WinXP virtual image running on my workstation by "rdesktop" -- running there (see left bottom in screenshot) allows very quick data access
because of the 1Gbps line to the IBM network, and is far more efficient than running "rdesktop" from my IBM Laptop at home
just accessing the WinXP machine over DSL -- VNC is so much quicker than rdesktop.
Sceenshot of VNC session from home into the Boeblingen lab (click on screenshot to see it in full resolution):
HermannSW 2700006U54 Tags:  sleep development xslt latency datapower delay 2 Comments 10,673 Views
With 220.127.116.11 fixpack availability last week we do have DataPower XC10 URL Opener support:
Yesterday I took part in an internal education session and heard "... one of the few locations in DataPower with milli-second resolution ...".
I immediately thought on my posting Adding latency during service development for backend simulation from 2/2011.
The solution from that posting to add eg. a delay of 5 seconds was to make use of <dp:url-open> timeout attribute for "http" protocol:
Now the XC10 URL Opener can be "misused" (for development, see previous posting on this) to provide sub-second latencies.
And you do not have to possess a XC10 for doing so ;-)
So how is it done?
First we have to define a "XC10 Grid" -- lets name it "delay".
Lets fill in 300 (milliseconds) for Timeout, Grid Name "g", User "u" and Password "p",
Then create a new "Collective" named "c", switch to "Members" tab, and add a new member with "Actual Host" as "18.104.22.168".
Clicking two times "Apply" we are done on the configuration side.
Now a 300ms delay can be simply achieved by this "xc10:" <dp:url-open> call, see InfoCenter on format:
Doing some measurements with stylesheet xc10.xsl listed further below shows that timing is pretty accurate.
Of course we have to measure "inside" the stylesheet -- we could do by "stylesheet profiling" and <dp:region>.
Here the simpler approach based on "dp:time-value()" is used.
As can be seen here we see 16ms-23ms for 10ms configured (this is minimal value),
106ms-114ms for 100ms configured and 308ms-310ms for 300ms configured in "delay" XC10 grid object:
And this is stylesheet xc10.xsl used:
Just learned this from a colleague:
"I have seen some environments where this trick does not work, because even for unreachable addresses on the network,
their networking equipment responds immediately failing the request"
HermannSW 2700006U54 Tags:  xslt processing latency datapower backend stylesheet 28 Comments 31,882 Views
<EDIT cooler="http://pglezen.github.io/dpShowLatency/ShowLatency.html">putting link to Paul's tool without need to install a plugin more prominently than in comment -- click Analyze and enjoy the animation</EDIT>
<EDIT cool="http://pglezen.github.io/dpShowLatency/">A Mozilla Firefox add-on for analyzing IBM DataPower latency log entries</EDIT>
In addition you may access var://service/time-elapsed (the value used for creation of all 16 latency values, read-only).
During development sometimes the real backend service a DataPower service should connect to might not be available.
In this case we could set variable var://service/mpgw/skip-backside to 1 for a Multi-Protocol Gateway service.
This makes the MPGW service a loopback service and we could provide dummy backend response data.
The difference to connecting to a real backend is just the latency -- no real backend has 0 latency.
While there is no specific DataPower command to add latency to a service or stylesheet (like Unix "sleep" command)
we can use a simple workaround I learned from a colleague yesterday.
Just try to open a network connection to a non-existent IP address with <dp:url-open ...> and specify the timeout you are interested in:
This has the big advantage that it does not affect CPU-usage (non-active wait).
Today I learned that non-existant IP adresses must be chosen carefully, don't use 10.0.1.0 for that.
Find the details in this developerWork Forum thread: