WebSphere DataPower appliance manager overview

WebSphere DataPower appliance manager provides a set of capabilities for managing sets of appliances. DataPower appliance manager can be used to manage appliances with a 3.6.0.4 or higher level of firmware.

IBM WebSphere DataPower SOA Appliances are purpose-built, easy-to-deploy network devices that simplify, help secure, and accelerate the XML and Web services deployments.

The first time you use DataPower appliance manager, add appliances, firmware versions, and managed sets. Verify that each appliance to add has a 3.6.0.4 or higher level of firmware. Also verify that the Appliance Management Protocol (AMP) endpoint is enabled for each appliance. If the XML Management interface AMP endpoint was disabled during installation, use the DataPower WebGUI to enable the AMP endpoint.

For security reasons, the DataPower appliance manager does not include Crypto material, such as keys and certificates, in the shareable settings and domain versions that it creates. Therefore, after you add or replace an appliance, you must manually add any Crypto material to apply for that appliance.

The DataPower WebGUI is different from the WAS console that you use to administer the DataPower appliance manager. The DataPower WebGUI is a separate user interface on the DataPower appliance used to configure the appliance.gotcha


Managed sets

A managed set is a collection of appliances that share the same hardware type, model type, and feature license set. A managed set synchronizes sharable appliance settings, managed domains, and firmware across multiple appliances.

A managed set can contain one or more appliances. An appliance is not actively managed unless it is a member of a managed set. We must first add an appliance to the DataPower appliance manager, and then add the appliance to a managed set.


Sharable appliance settings

Sharable appliance settings are the global attributes for an appliance that can be shared with other appliances. For example, NTP configuration and SNMP configuration are sharable appliance settings, but appliance-specific settings, such as IP address and role-based management attributes are not sharable appliance settings,

Sharable appliance settings are not managed until an appliance is added to a managed set. After you add an appliance to a managed set, any changes that you make to the sharable appliance settings, using the DataPower WebGUI or command line interface, are synchronized from the master appliance to all of the subordinate appliances in the managed set.


Master appliances

The master appliance is the appliance in the managed set used to synchronize sharable appliance settings and managed domains for all appliances within the managed set. Each managed set must have at least one master appliance. Each managed set might also have subordinate appliances.

All subordinate appliances are synchronized with the master appliance, and have the same sharable appliance settings and managed domains as the master appliance. Use DataPower WebGUI or command line interface to change the sharable appliance settings, or a managed domain on a master appliance. The DataPower command line interface is a command line user interface on the DataPower appliance that can be used to configure the appliance.

Sharable appliance settings and managed domains on subordinate appliances are automatically overwritten whenever a change is made to the master appliance. If we use the DataPower WebGUI or the DataPower command line interface to change the sharable appliance settings, or a managed domain on a master appliance, the appliance manager detects the change, and propagates the changes to the remaining appliances in the managed set. If the sharable appliance settings or a managed domain is changed on a subordinate appliance, making the sharable appliance settings or a managed domain different from what is on the master appliance, the appliance manager automatically overwrites the changes on the subordinate appliance with the sharable appliance settings, or managed domain values that are on the master appliance.

Avoid trouble: Ensure that any changes that you make to the shareable appliance settings or a managed domain on a master appliance can be used for all of the appliances in the managed set.gotcha


Managed domains

DataPower supports the use of application domains to partition configuration information into self contained units that are easier to manage. Because an application domain consists of resources configured to provide and support one or more services, we can use domains to group configuration information on a appliance. For example, you might set up a domain for a set of business applications because to keep their DataPower appliance configuration separate from the DataPower appliance configuration for the other applications on that appliance.

A managed domain is a domain on the master appliance that has been added to a managed set in the DataPower appliance manager. The DataPower appliance manager uses the managed domain to synchronize configuration changes to the subordinate appliances that are part of the managed set.

Both master appliances and subordinate appliances can also have unmanaged domains. The DataPower appliance manager does not make configuration changes to unmanaged domains.

The DataPower appliance manager synchronizes managed domains from the master appliance to the subordinate appliances in the managed set. However, it is possible that the managed domain might not be completely functional on all of the subordinate appliances. For example, the managed domain might not be completely functional on a subordinate appliance if a service object, such as an XML firewall, in the managed domain has a listening port conflict on that subordinate appliance.gotcha


Versions of sharable appliance settings

Whenever the appliance manager detects that you have used the DataPower WebGUI or DataPower command line interface to change the sharable appliance settings for a master appliance, the appliance manager automatically creates a new version of the sharable appliance settings. This new version of the sharable appliance settings is called a settings version. The newest settings version is, by default, the active version for the managed set. This new settings version is automatically copied to all of the appliances in the managed set.

We can deploy any version of the sharable appliance settings to a managed set. Whenever you deploy a settings version, the deployed version becomes the active version until the sharable appliance settings are changed, or you deploy a different settings version. If we have more than one version of sharable appliance settings for a managed set, we can complete these tasks.

Avoid trouble: Changes to sharable appliance settings only apply for appliances that are members of the same managed set. Changes are not propagated to appliances that are members of a different managed set.gotcha


Versions of managed domains

When you change a managed domain on a master appliance, the appliance manager automatically detects the change and creates a new version of the managed domain. The newest version of the managed domain is, by default, the active version for the managed set. This new version of the domain is automatically copied to all appliances in the managed set. We can deploy any version of a managed domain to a managed set, and that deployed version automatically becomes the active managed domain for that managed set.

When a managed domain is deleted from a master appliance, the domain is automatically recreated on the master appliance. To delete a managed domain, you must convert the managed domain to an unmanaged domain.

When you have multiple versions of a managed domain, we can perform the following tasks:


Firmware

Firmware version files must be obtained from the IBM support website and are specific to appliance types, model types, and licensed features. When a firmware version is loaded to an appliance, it must be compatible with the appliance type, model type, and licensed features. DataPower appliance manager manages appliances with a 3.6.0.4 or higher level of firmware. A firmware file is typically in a scrypt2 format.


Versions of firmware

The appliance manager automatically determines the firmware version, intended model type, appliance type, and licensed features provided by libraries in the firmware. The appliance manager allows the firmware types to be deployed only to matching appliances.

A firmware version must exist in the DataPower appliance manager before that version can be deployed to appliances. If the firmware version running on an appliance is not in this file, a managed set that includes that appliance can only contain that single appliance, because the appliance manager cannot deploy that firmware version to any other appliance.

When you deploy a particular version of firmware, that version becomes the active version. When you have more than one version of firmware, we can perform the following tasks:

Avoid trouble: Do not use the DataPower 3.6.0.28, 3.6.0.29, or 3.6.0.30 level of firmware for a managed set. These firmware levels might cause the DataPower appliance manager to unnecessarily create new shareable appliance settings versions, or domain versions, and then synchronize these new versions across the managed set.gotcha


Set up and administering a managed set

To create at least one managed set, you must complete the following tasks. These tasks make it possible for the DataPower appliance manager to manage the appliances in a managed set:

After at least one managed set is created, we can complete the following tasks in any order:

We can also use the console to manage long running tasks for the DataPower appliance manager, view the status of these tasks, or delete one or more of these task. However, we cannot delete a task to stop the task from being completed. The only way to interrupt a running task, or prevent the appliance manager from running a task, is to shutdown the appliance manager. Shutting down the appliance manager terminates all running and queued tasks.


Propagating sharable appliance settings and managed domains from master to non-master appliances

If there are multiple appliances in the managed set, then the changes made to the active version of the sharable appliance settings are propagated to the subordinate appliances in the managed set. Likewise, changes made to the managed domains of master appliances are propagated to the subordinate appliances in the managed set.

The appliance manager also detects when subordinate appliances are available. For example, if sharable appliance settings are changed for the master appliance, but the subordinate appliances are not available, then the master appliance and the subordinate appliances cannot be synchronized. When the subordinate appliances are available, the appliance manager detects the change in status and initiates synchronization from the master appliance to the subordinate appliances in the managed set.


Related concepts

  • Secure Socket Layer communication with DataPower


    Related tasks

  • Add DataPower appliances to the DataPower appliance manager
  • Add new firmware versions to the DataPower appliance manager
  • Add a new managed set
  • Modify DataPower appliance manager settings
  • Monitor tasks that DataPower appliance manager is handling
  • Administer managed domain versions
  • Manage versions of sharable appliance settings
  • Administer DataPower appliance domains