Wednesday, March 7, 2012

Datapower - a blast from the past

Back in 2005 I was living in London and working for Sena Systems. Sales were slow in Europe and I was subcontracted out to a partner for a three-month engagement in the US. The partner was called Datapower and was headquartered in Boston. Little did I know that this project would result in one of the big turning points in my life.

While working for Datapower I not only met my now wife but also got some experience of the product and got to experience what happens when IBM buys your employer. One result of that buy was that Datapower cut the relationship with non-IBM partners, so I had to leave the DP area and moved over to the provisioning practice.

During the next five years I didn't do any Datapower work, so when I got the chance to take part in a hands-on DP lab day I took it.

The most striking part of the experience was how little DP had changed. Most of the user interface was almost identical. DP has a wizard-oriented user interface where you are basically guided through a setup process. The end product of the process is a functional unit such as a multi-protocol gateway or a web proxy.

The advantage of this setup is that you can build quite complex entities without any programming or in-depth training. The disadvantage is that you are sometimes a bit limited. If the option you need isn't available as an option, you are usually toast. The supporting entities, such as encapsulations of certificates or SSL protection of connections, can also be a bit hard to figure out, as they can be either predefined or reused or be defined as part of the workflow.

One really nice function in the new OS is the addition of an XACML interpreter, which makes it possible to run the DP device as a PDP. You can also link the DP box to a TSPM server and use the DP box as a PEP. The PDP functionality seems a bit shallow and you have no support for policy authoring or distribution, so it is really not a fully fledged XACML solution. Despite this, it is good to see XACML support in yet another well-established security appliance.