Click here to close now.




















Welcome!

@CloudExpo Authors: Liz McMillan, Cloud Best Practices Network, Kevin Jackson, Elizabeth White, Pat Romanski

Blog Feed Post

Intel Expressway API Manager and The Rise of Mobile Middleware

I just returned from an exhilarating trip to the Gartner AADI show in Las Vegas last week. There are a lot of exciting things happening at Intel in the Data-center Software Division (DSD), especially with respect to the Expressway Product Line.

First, we had our first live demo of the integrated solution that showcases Intel(R) Expressway API Manager and the Mashery API Management Portal. This is a true best of breed match between what we think is one of the best security gateways in the market and the de-facto market leader in API management, bringing the best possible product set to our end customers.

Second, we did multiple workshops with Gartner visionary Appcelerator. They make a slick cross-platform mobile development environment that produces native code for mobile applications, and the cool part is that the developer only has to write their code in JavaScript. So you can think of their tool as a cross-compiler that churns out native code optimized for Android, iOS, Blackberry and Windows devices but  only requires the developer to have a working knowledge of JavaScript.

The combination of Appcelerator Titanium and Intel(R) Expressway API Manager is a killer best of breed architecture for jumpstarting an Enterprise ready native mobile application. In fact, we showed a live proof of concept that went from a non RESTful back-end to a native application running on an iPhone with Enterprise grade data level security controls in 15 minutes.

Enterprises and Native Mobile Applications

Let’s walk through the scenario. Suppose you are a large Enterprise and you want to get a mobile project going at your enterprise. Furthermore, you don’t really want to compromise with HTML5 – native applications typically provide the best performance and device integration. Here are some of the hurdles – first you will likely have fragmentation in your data-center. You probably have:

  • Disparate middleware and database technologies
  • Disparate identity management silos
  • Disparate programming languages, with different levels of expertise
  • Current architecture optimized for web browsers, e.g. n-tier designed for a thin/dumb client
  • Vertical integration prohibits cloud outsourcing
  • Inconsistent security model across domains

And now, on top of these challenges you want:

  • BYOD with enterprise native mobile applications
  • Low development costs
  • Fast time to market
  • Robust security for Enterprise data

API Enabling Your Existing Architecture

Mobile applications have tremendous value for a mobile sales force. The example we took was a sales manager who is on the road and wishes to access enterprise data securely, directly from the mobile device. We took two examples of data – localized revenue information and the protection of personally identifiable information. In the first example this is a revenue report of local retail stores, which might be accessed by a manager on the road using the location of the tablet or smartphone.

In the second example we can take that same manager and assume he is hiring new employees and has to enter sensitive personally identifiable information (PII) such as a social security number, name, address, date of birth or maybe a driver’s license number.

Here is what the architecture looks like:

 

 

 

On the right hand side we have the Enterprise and the existing architecture. In this example we assumed the Enterprise has a RESTful service for handling new hire information and a SOAP web service for querying revenue information. Further, we assumed the Enterprise currently uses Active Directory for its identities.

Using the Intel(R) Expressway API Manager as a mobile middleware we can put a RESTful facade in front of these disparate systems and expose two simple endpoints for the mobile device. Further, the gateway performs important functions, including:

  • The termination and acceleration of SSL (remember, with mobile, you may easily scale to hundreds of thousands of individual “apps”, all hitting the back-end infrastrcture)
  • Perimeter security for content based threats, such as SQL injection
  • Delegated authentication to the Enterprise LDAP based on an API key in the request
  • Throttling of requests, including denial of service protection (remember, again, with mobile devices there could be thousands)
  • Optimization of content sent back to the device. In our example we showed the transformation of XML to JSON, which is optimized for the mobile phone
  • Data protection, including format preserving encryption, a special mode of AES that prefers the length and character set of data-types. This is especially useful for handling the new hire information, such as the social security number
  • Routing and composition of data accessed form multiple databases. Mobile applications may need to aggregate data from multiple databases, combine it into a single response before it is sent to the mobile device

The best part about the Intel(R) Expressway API Manager is that this entire flow can all be designed in Eclipse using drag-and-drop actions. No coding is required. If you are looking for a quick way to jump-start a native mobile application at your enterprise with minimal back-end changes, give us a shout. We may be able to help!

-Blake

Read the original blog entry...

More Stories By Application Security

This blog references our expert posts on application and web services security.

@CloudExpo Stories
Organizations from small to large are increasingly adopting cloud solutions to deliver essential business services at a much lower cost. According to cyber security experts, the frequency and severity of cyber-attacks are on the rise, causing alarm to businesses and customers across a variety of industries. To defend against exploits like these, a company must adopt a comprehensive security defense strategy that is designed for their business. In 2015, organizations such as United Airlines, Sony...
Amazon and Google have built software-defined data centers (SDDCs) that deliver massively scalable services with great efficiency. Yet, building SDDCs has proven to be a near impossibility for ‘normal’ companies without hyper-scale resources. In his session at 17th Cloud Expo, David Cauthron, founder and chief executive officer of Nimboxx, will discuss the evolution of virtualization (hardware, application, memory, storage) and how commodity / open source hyper converged infrastructure (HCI) so...
In their Live Hack” presentation at 17th Cloud Expo, Stephen Coty and Paul Fletcher, Chief Security Evangelists at Alert Logic, will provide the audience with a chance to see a live demonstration of the common tools cyber attackers use to attack cloud and traditional IT systems. This “Live Hack” uses open source attack tools that are free and available for download by anybody. Attendees will learn where to find and how to operate these tools for the purpose of testing their own IT infrastructu...
The web app is agile. The REST API is agile. The testing and planning are agile. But alas, data infrastructures certainly are not. Once an application matures, changing the shape or indexing scheme of data often forces at best a top down planning exercise and at worst includes schema changes that force downtime. The time has come for a new approach that fundamentally advances the agility of distributed data infrastructures. Come learn about a new solution to the problems faced by software organ...
IBM’s Blue Box Cloud, powered by OpenStack, is now available in any of IBM’s globally integrated cloud data centers running SoftLayer infrastructure. Less than 90 days after its acquisition of Blue Box, IBM has integrated its Blue Box Cloud Dedicated private-cloud-as-a-service into its broader portfolio of OpenStack® based solutions. The announcement, made today at the OpenStack Silicon Valley event, further highlights IBM’s continued support to deliver OpenStack solutions across all cloud depl...
Red Hat is investing in Tesora, the number one contributor to OpenStack Trove Database as a Service (DBaaS) also ranked among the top 20 companies contributing to OpenStack overall. Tesora, the company bringing OpenStack Trove Database as a Service (DBaaS) to the enterprise, has announced that Red Hat and others have invested in the company as a part of Tesora's latest funding round. The funding agreement expands on the ongoing collaboration between Tesora and Red Hat, which dates back to Febr...
With the proliferation of connected devices underpinning new Internet of Things systems, Brandon Schulz, Director of Luxoft IoT – Retail, will be looking at the transformation of the retail customer experience in brick and mortar stores in his session at @ThingsExpo. Questions he will address include: Will beacons drop to the wayside like QR codes, or be a proximity-based profit driver? How will the customer experience change in stores of all types when everything can be instrumented and a...
The Internet of Things (IoT) is about the digitization of physical assets including sensors, devices, machines, gateways, and the network. It creates possibilities for significant value creation and new revenue generating business models via data democratization and ubiquitous analytics across IoT networks. The explosion of data in all forms in IoT requires a more robust and broader lens in order to enable smarter timely actions and better outcomes. Business operations become the key driver of I...
WSM International, the pioneer and leader in server migration services, has announced an agreement with WHOA.com, a leader in providing secure public, private and hybrid cloud computing services. Under terms of the agreement, WSM will provide migration services to WHOA.com customers to relocate some or all of their applications, digital assets, and other computing workloads to WHOA.com enterprise-class, secure cloud infrastructure. The migration services include detailed evaluation and planning...
SYS-CON Events announced today that DataClear Inc. will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. The DataClear ‘BlackBox’ is the only solution that moves your PC, browsing and data out of the United States and away from prying (and spying) eyes. Its solution automatically builds you a clean, on-demand, virus free, new virtual cloud based PC outside of the United States, and wipes it clean...
Culture is the most important ingredient of DevOps. The challenge for most organizations is defining and communicating a vision of beneficial DevOps culture for their organizations, and then facilitating the changes needed to achieve that. Often this comes down to an ability to provide true leadership. As a CIO, are your direct reports IT managers or are they IT leaders? The hard truth is that many IT managers have risen through the ranks based on their technical skills, not their leadership ab...
SYS-CON Events announced today that HPM Networks will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. For 20 years, HPM Networks has been integrating technology solutions that solve complex business challenges. HPM Networks has designed solutions for both SMB and enterprise customers throughout the San Francisco Bay Area.
SYS-CON Events announced today that Micron Technology, Inc., a global leader in advanced semiconductor systems, will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Micron’s broad portfolio of high-performance memory technologies – including DRAM, NAND and NOR Flash – is the basis for solid state drives, modules, multichip packages and other system solutions. Backed by more than 35 years of tech...
SYS-CON Events announced today the Containers & Microservices Bootcamp, being held November 3-4, 2015, in conjunction with 17th Cloud Expo, @ThingsExpo, and @DevOpsSummit at the Santa Clara Convention Center in Santa Clara, CA. This is your chance to get started with the latest technology in the industry. Combined with real-world scenarios and use cases, the Containers and Microservices Bootcamp, led by Janakiram MSV, a Microsoft Regional Director, will include presentations as well as hands-on...
Through WebRTC, audio and video communications are being embedded more easily than ever into applications, helping carriers, enterprises and independent software vendors deliver greater functionality to their end users. With today’s business world increasingly focused on outcomes, users’ growing calls for ease of use, and businesses craving smarter, tighter integration, what’s the next step in delivering a richer, more immersive experience? That richer, more fully integrated experience comes ab...
SYS-CON Events announced today that Pythian, a global IT services company specializing in helping companies leverage disruptive technologies to optimize revenue-generating systems, has been named “Bronze Sponsor” of SYS-CON's 17th Cloud Expo, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Founded in 1997, Pythian is a global IT services company that helps companies compete by adopting disruptive technologies such as cloud, Big Data, advance...
Cloud and datacenter migration innovator AppZero has joined the Microsoft Enterprise Cloud Alliance Program. AppZero is a fast, flexible way to move Windows Server applications from any source machine – physical or virtual – to any destination server, in any cloud or datacenter, using its patented container technology. AppZero’s container is also called a Virtual Application Appliance (VAA). To facilitate Microsoft Azure onboarding, AppZero has two purpose-built offerings: AppZero SP for Azure,...
In today's digital world, change is the one constant. Disruptive innovations like cloud, mobility, social media, and the Internet of Things have reshaped the market and set new standards in customer expectations. To remain competitive, businesses must tap the potential of emerging technologies and markets through the rapid release of new products and services. However, the rigid and siloed structures of traditional IT platforms and processes are slowing them down – resulting in lengthy delivery ...
This Enterprise Strategy Group lab validation report of the NEC Express5800/R320 server with Intel® Xeon® processor presents the benefits of 99.999% uptime NEC fault-tolerant servers that lower overall virtualized server total cost of ownership. This report also includes survey data on the significant costs associated with system outages impacting enterprise and web applications. Click Here to Download Report Now!
U.S. companies are desperately trying to recruit and hire skilled software engineers and developers, but there is simply not enough quality talent to go around. Tiempo Development is a nearshore software development company. Our headquarters are in AZ, but we are a pioneer and leader in outsourcing to Mexico, based on our three software development centers there. We have a proven process and we are experts at providing our customers with powerful solutions. We transform ideas into reality.