Differences among DataPower products

When you run IBM® DataPower® Gateway on different platforms, major functional differences exist.

The following table lists the primary differences among the DataPower platforms.

Table 1. Primary differences among platforms
  Physical VMware Linux® Docker
Establishing network connectivity Connect the serial cable to the appliance, and configure Ethernet, VLAN, and Link Aggregation interfaces to match your network infrastructure. Configure Ethernet and VLAN interfaces to map the virtual DataPower NICs to the virtual switches of your hypervisor. Network interfaces are used as they are found in the Linux host. Networking is controlled by Docker.
Enabling DNS resolution Configure the DNS object. Same as physical. The DNS object is read-only because it is inherited from the host. Same as Linux.
Controlling unique SNMP engine ID Unique SNMP engine ID automatically created. Same as physical. Same as physical. Use either the environment variable or drouter argument to ensure the creation of a unique SNMP engine ID.
Managing the system clock Use the clock setting and the NTP service. Same as physical. Use the time management facilities of the host. Same as Linux.
Managing DataPower firmware Use the DataPower facilities to install the needed firmware. Same as physical. Same as physical. Select the DataPower image with the FROM line in the DockerFile.
Managing auxiliary storage Use DataPower RAID facilities to manage the physical RAID array. Use DataPower RAID facilities to manage the virtual disks. Use DataPower RAID facilities to manage the block device or file in the Linux host. Use the Docker management facilities to manage the predefined directories that act as DataPower RAID.
Managing the DataPower Gateway configuration Use the DataPower configuration management facilities.
  • Import and export configuration, deployment policies
  • Secure backup and restore
 Same as physical. In addition to the DataPower configuration management facilities, you can map the DataPower directories to directories in the Linux file system and manage the configuration through Linux facilities. Use your own version control and your own Docker image build process.
Planning and managing modules All modules are available. To manage, use DataPower scrypt based tools. All modules except Tenants. To manage, use the DataPower scrypt based tools. Same as VMware. Only the following modules are available.
  • Application Optimization Module
  • B2B Module
  • Integration Module
To manage, use the DataPowerDockerfile based tools.
Scaling deployments Deploy more DataPower instances and balance the workload among instances. Same as physical. Beyond the facilities for physical appliance, you can use the hypervisor or cloud platform integration. Docker orchestration handles scaling.

Establishing network connectivity

Physical appliances are equipped with network ports for data communications between the appliance and external sources. After the appliance is wired into the network, use a DataPower management interface to configure the DataPower network interfaces, network settings, and DNS to match the network infrastructure.

When the platform is VMware, the virtual network interface controllers (NICs) of the DataPower Gateway transmits and receives data from the virtual switches of the hypervisor. After the DataPower image runs and the virtual switches are configured, use a DataPower management interface to configure the following network resources to match the network infrastructure.
  • Network interfaces
  • Network settings
  • DNS

For DataPower Gateway for Linux and DataPower Gateway for Docker, the DataPower Gateway inherits the network settings from the host. You do not need to and cannot configure the network interfaces, network settings, and DNS on the DataPower Gateway. These changes can be configured on only the host.

Back to top

Enabling DNS resolution

For physical appliances and DataPower Gateway for VMware, a DataPower administrator manages the DNS configuration. The DataPower administrator must ensure that the DNS configuration matches the network infrastructure.

For DataPower Gateway for Linux and DataPower Gateway for Docker, the DataPower Gateway inherits the DNS settings from the host. The Linux or Docker administrator is responsible for DNS configuration. The DataPower administrator does not need to and cannot configure the DNS settings. The DataPower DNS configuration object is visible but read-only. Similarly, the DataPower system name is inherited from the hostname and is immutable.

Back to top

Controlling unique SNMP engine ID

A unique SNMP engine ID is created for each DataPower Gateway except for DataPower Gateway for Docker. A unique engine ID prevents multiple DataPower instances from SNMP replay attacks. For DataPower Gateway for Docker, you must set the seed value to generate a unique ID for each instance with either the DATAPOWER_ENGINE_ID_SEED environment variable or the --engine-id-seed drouter argument.

Back to top

Managing the system clock

You are responsible for managing the clock on physical appliances and DataPower Gateway for VMware. You can manage the time with the clock settings or by enabling NTP on the DataPower Gateway.

For DataPower Gateway for Linux and DataPower Gateway for Docker, the DataPower Gateway inherits the clock settings from the host. The Linux or Docker administrator is responsible for managing the clock. The DataPower administrator does not need to and cannot change the clock settings.

Back to top

Managing DataPower firmware

For appliances, you need to manage the firmware for each DataPower Gateway individually. The firmware upgrade process involves obtaining the scrypt based firmware image from IBM Fix Central and applying it.

For DataPower Gateway for VMware and DataPower Gateway for Linux, firmware is managed by applying scrypt files. However, you do not need to manage firmware for each DataPower instance individually. You can create a template of a DataPower Gateway with the scrypt already applied.

DataPower Gateway for Docker uses a different model without scrypt file, which includes firmware files for upgrading. Instead, a different DataPower Docker image is used as the base image. To upgrade the firmware, edit the Dockerfile and build the application. For example, change FROM ibmcom/datapower:10.0.1.5 to FROM ibmcom/datapower:10.2.0 to upgrade the application to the fictional version 10.2.0.

Back to top

Managing auxiliary storage

Physical appliances are equipped with physical disks for storing auxiliary data. These disks are managed by using the raid-volume command and the commands in the RAID array mode. DataPower provides commands for file system initialization, partitioning, and RAID-specific actions like rebuilding.

For DataPower Gateway for VMware, disks are virtualized. You configure the hypervisor to allocate a virtual disk to the DataPower VM that DataPower then treats as a block device. DataPower provides commands for file system initialization and partitioning, RAID-specific actions such as rebuilding are not available because no RAID array is visible to DataPower.

For DataPower Gateway for Linux, the DataPowerRaidDevice directive in the datapower.conf file controls how the DataPower Gateway emulates the RAID device. Auxiliary storage can be backed with a block device or a file in the Linux file system. When backed by a file, that file is used as a loop device and treated as a block device. DataPower provides commands for file system partitioning and initialization, RAID-specific actions such as rebuilding are not available. For more information, see Enabling RAID for DataPower for Linux.

For DataPower Gateway for Docker, auxiliary storage is rarely needed because the only limit on the amount of storage available in the default location is the Docker limit. When auxiliary storage is needed, for B2B or to match the configuration to a different platform, the storage is not backed with a block device. Instead, the storage is just a directory inside the container. In the RAID array configuration, you can specify that directory. Other DataPower RAID commands are not available because the partitions, file systems, and arrays that these commands manage do not exist. For more information, see RAID and a DataPower Docker image.

Back to top

Managing the DataPower Gateway configuration

The DataPower Gateway provides the following approaches to manage its configuration.
  • Import and export.
  • Secure backup and restore.
  • Saving files as source.
  • Using include configuration files with customization scripts.
Import and export
All platforms can use import and export. This approach is suited when you want to manage only part of the configuration on the DataPower Gateway and uses the following procedure.
  1. Export the configuration from the source DataPower Gateway.
  2. Import the exported package to the target DataPower Gateway and specify the deployment policy to modify the configuration that must be changed between the source and target.
Secure backup and restore
When enabled, secure backup and restore are available on appliances, DataPower Gateway for Linux, and DataPower Gateway for VMware. Secure backup is especially useful on appliances because it provides a way to clone an appliance. On other platforms, you can use the platform tools that provide the same function.
  • For DataPower Gateway for VMware, hypervisor tools are suited to this task.
  • For DataPower Gateway for Linux, you can manage configuration by backing up and restoring DataPower files.
  • For DataPower Gateway for Docker, the secure backup and restore features are not available because it runs contrary to Docker-friendly SDLC.
Saving files as source
Using include configuration files with customization scripts
This approach is especially suited to DataPower Gateway for Docker and DataPower Gateway for Linux although it can be used on other platforms as well. This approach involves keeping the DataPower .cfg files and all supporting files such as .xsl and .js files in version control. Any configuration that is not part of the base is placed in an include configuration file, which can be different for each DataPower Gateway. This file can be automatically generated before the DataPower Gateway starts. In this way, a new DataPower Gateway can be ready in the same way that an HTTP daemon can be configured before startup.
  • To use this approach on physical appliances and DataPower Gateway for VMware, create a deployment script that copies the files to the DataPower Gateway. This approach works especially well for domains and when hostnames are abstracted with DNS host aliases and listen-on addresses are abstracted with static hosts.
  • To use this approach on DataPower Gateway for Linux, use the DataPowerConfigDir and DataPowerLocalDir directives in the datapower.conf file. These directives map the DataPower directories to your specified directories in the Linux file system. You can then configure the DataPower Gateway by placing appropriate files in the appropriate directories.
  • For DataPower Gateway for Docker, you can use the Docker volume management facilities to manage the configuration. This approach is what is expected in the Docker way of deploying and configuring software.

Back to top

Planning and managing modules

The available add-on modules and features differ on different platforms. Consider the features when you choose the platform to run the DataPower Gateway.

Physical
The following modules are available.
  • Application Optimization Module
  • B2B Module
  • Integration Module
  • Extended Oracle support for the Database Connectivity feature
  • TIBCO EMS Module
  • Tenant Module
  • Transformation Extender Module
To manage modules and features, use the scrypt based tools that are available from IBM Passport Advantage® and IBM Fix Central.
VMware and Linux
The following modules are available.
  • Application Optimization Module
  • B2B Module
  • Integration Module
  • Extended Oracle support for the Database Connectivity feature
  • TIBCO EMS Module
  • Transformation Extender Module
To manage modules and features, use the scrypt based tools that are available from IBM Passport Advantage and IBM Fix Central.
Docker
Only the following modules are available.
  • Application Optimization Module
  • B2B Module
  • Integration Module
  • Transformation Extender Module
DataPower Gateway for Docker uses Dockerfile based tools that are available from IBM Passport Advantage for enabling modules and a tool that is built in the image for disabling modules. These tools are used from your Dockerfile.

For more information about which functions are included in an add-on module and how to manage the modules and features, see Add-on module management.

Back to top

Scaling deployments

With physical appliances and DataPower Gateway for VMware, you can scale deployments. Scaling involves adding another DataPower instances a tier.
  • Add to a tier of locally balanced instances.
  • Add another tier in other data center with a geographic balancer.

With DataPower Gateway for Linux, the same pattern applies. However, you can scale the deployment by using hypervisor tools and cloud tools. These tools enable the creation of a new virtual machine that does not need to be changed after it is created.

DataPower Gateway for Docker further improves the dynamic scaling capability of DataPower Gateway for Linux because of Docker orchestrators. Docker orchestrators provide rich and varied options for controlling a tier of containers.

Back to top