Integration with IBM WebSphere DataPower as a security gateway and reverse proxy

Protect your mobile-application traffic by using IBM® WebSphere® DataPower® as a reverse proxy and security gateway in the DMZ between client applications and MobileFirst Server.

Protecting mobile-application traffic that enters your network from customer and employee devices involves preventing data from being altered, authenticating users, and allowing only authorized users to access applications. You can use the security-gateway features of DataPower to protect mobile-application traffic that is initiated by client MobileFirst applications.

Enterprise topologies are designed to include different protection zones so that specific processes can be secured and optimized. You can use DataPower in different ways in the DMZ (a firewall configuration for securing local area networks) and in other zones within your network to protect enterprise resources. When you start to build MobileFirst applications to be delivered to the devices of your customers and employees, you can apply these methods to protect the mobile-application traffic.

You can use DataPower as a front-end reverse proxy and security gateway. DataPower uses a multiprotocol gateway (MPGW) service to proxy and secure access to MobileFirst mobile applications. You can select the method that DataPower will use to authenticate the mobile client, such as HTTP basic authentication or HTML forms-based authentication. The following topics demonstrate how to implement this topology by using either HTTP basic authentication or HTML forms-based authentication. You can adjust the procedure, as needed, to use a different authentication method. For more information about configuring DataPower, see the WebSphere DataPower documentation.

Consider adopting the following phased approach to establishing DataPower as a reverse proxy and security gateway:
  1. Install and configure a MobileFirst environment, and test the installation with a simple application without DataPower acting as the reverse proxy.
  2. Test your application logic and verify that it works.
  3. Configure your MobileFirst project to work with your preferred reverse-proxy DataPower gateway configuration.
  4. Configure a multiprotocol gateway on your DataPower appliance to use DataPower as a proxy for your MobileFirst mobile application or MobileFirst Operations Console. As part of the configuration, select your preferred authentication method for the DataPower AAA (authentication, authorization, audit) policy.
  5. Run your application and attempt to access a protected resource to test the implementation.
Note: To integrate your application with DataPower by using LTPA and DataPower HTML forms-based authentication, follow the specialized procedure Integrating with DataPower as a reverse proxy using LTPA and form-based authentication. This procedure includes a DataPower configuration pattern and MobileFirst samples that eliminate much of the manual configuration described in the more generic procedure Integrating with DataPower as a security gateway and reverse proxy.
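
One way to script the check in step 5 is shown below. This is an added example, not part of the IBM documentation or product. It sends a request with no credentials to a protected URL on the gateway and classifies the answer, so that a resource served without any challenge is flagged. The function names, result labels, and the form-detection heuristic are assumptions made for this illustration, and the sample responses are constructed.

```python
import re
import urllib.error
import urllib.request


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Surface 3xx responses as errors instead of following them to a login page.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def classify_unauthenticated(status, headers, body=""):
    """Classify the gateway's answer to a request that carried no credentials."""
    h = {k.lower(): v for k, v in headers.items()}
    if status == 401:
        scheme = h.get("www-authenticate", "").split(" ", 1)[0].lower()
        return "basic-challenge" if scheme == "basic" else "other-challenge"
    if status in (301, 302, 303, 307, 308) and "location" in h:
        return "redirect-to-login"   # typical of forms-based authentication
    if status == 200 and re.search(r'<input[^>]+type=["\']?password', body, re.I):
        return "login-form"          # login page served in place of the resource
    if 200 <= status < 300:
        return "UNPROTECTED"         # resource returned with no authentication
    return "denied"                  # for example 403: blocked, no login offered


def probe(url, timeout=10):
    """Send one GET without credentials to `url` and classify the response."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        resp = opener.open(url, timeout=timeout)
    except urllib.error.HTTPError as err:
        resp = err                   # 3xx/4xx/5xx still carry status and headers
    body = resp.read(65536).decode("utf-8", "replace")
    return classify_unauthenticated(resp.code, dict(resp.headers), body)


if __name__ == "__main__":
    # Constructed sample responses; no network access is needed for this demo.
    samples = [
        (401, {"WWW-Authenticate": 'Basic realm="gateway"'}, ""),
        (302, {"Location": "/login.html"}, ""),
        (200, {"Content-Type": "application/json"}, '{"ok": true}'),
    ]
    for status, headers, body in samples:
        print(status, classify_unauthenticated(status, headers, body))
```

Run `probe()` against a protected URL on the gateway from outside the DMZ. A result of `UNPROTECTED` means the AAA policy is not being applied to that path.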