5/08/2014

DataPower: 5 secrets that you may not have known

Okay, let's go straight to the point, starting with a few questions:
  1. Is it possible to disable a Multi-Protocol Gateway or a Web Service Proxy?
  2. Is it possible to export a certificate from the cert: directory?
  3. Is it possible to increase the number of transactions in the probe history?
  4. Can a Front Side Handler object be created automatically when creating a Web Service Proxy?
  5. Can a service have higher priority over others?

You might have answered yes to at least one of these questions, but would you be surprised if I told you that the answer for every single one is yes?



1. Is it possible to disable a Multi-Protocol Gateway or a Web Service Proxy?


Yes, just go to Objects > Service Configuration > Multi-Protocol Gateway (or Web Service Proxy), click on the service you wish to disable, and then on the Main tab change the Administrative State to "disabled".

This screen will contain some other options that you don't normally see when you access the Multi-Protocol Gateway and Web Service Proxy objects through the main screen, so for your own good, explore this new way to configure these objects as much as you can.


2. Is it possible to export a certificate from the cert: directory?

Yes, to do this you have to go to Administration > Miscellaneous > Crypto Tools, then navigate to the Export Crypto Object tab.

In the Object Name property, provide the name of the Crypto Certificate object that refers to the certificate in the cert: directory you want to export.

In the Output File Name property, specify any name followed by .xml (hold that thought, we are still in the middle of the process).

After clicking Export Crypto Object, a new file with the specified file name will be placed under the temporary: directory.

Now it is time for the trick…
  1. Open a text editor of your preference (XMLSpy, Notepad++, Notepad, Text Edit, etc.)
  2. Start a new text file with the following content as its first line:

    -----BEGIN CERTIFICATE-----

  3. Open the .xml file that was created during the Export Crypto Object process
  4. Copy the content of the element /crypto-export/certificate (the base64 text between the certificate tags) into your new text file in your local editor:

    <?xml version="1.0" encoding="utf-8"?>
    <crypto-export version="1">
        <certificate version="1">MIIEYjCCA0qgAwIBAg[...]IQOHO9nj6QowsSATEWDs==</certificate>
    </crypto-export>

  5. Finish the work in your new text file with the content:

    -----END CERTIFICATE-----

  6. The final file should look similar to this:

    -----BEGIN CERTIFICATE-----
    MIIEYEBhMCVVMxCzAJBgNVBAgTAlRYMQ8wDQYDVQQHEwZBdXN0
    jCCA0qgAwIBAgIISQOHO9nj6QowDQYJKoZIhvcNAQEFBQAwejE

    [...]
    aW4xEjAQBgNVBBAgIISQOHO9nj6QowDQYJKoZIhvcNAQEFBQAw
    ejELMAkGA1UW50ZWdyYXRpb24gVGVjaG5vbG9naWVzMRYwFAYD
    VQQDEw1zZ2EuYXZuZXWEWw==
    -----END CERTIFICATE-----

  7. Save the file using the extension .cer, .pem, etc.
  8. Done! You have exported a certificate from DataPower under the cert: directory.

Before you ask, yes, DataPower is still safe and private keys cannot be exported following this method.
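
The manual steps above as a script (an added example, not part of the original post): it takes the text of /crypto-export/certificate, checks that it is valid base64 that decodes to DER, and emits a PEM wrapped at 64 characters per line, plus a SHA-256 fingerprint for comparing copies. The function name and the sample export are constructed for illustration; the sample bytes are not a real certificate.

```python
import base64
import binascii
import hashlib
import xml.etree.ElementTree as ET


def export_to_pem(export_xml: bytes):
    """Return (pem_text, sha256_hex_of_der) for a Crypto Tools export file."""
    root = ET.fromstring(export_xml)
    if root.tag != "crypto-export":
        raise ValueError("not a crypto-export document")
    node = root.find("certificate")
    if node is None or not (node.text or "").strip():
        raise ValueError("no content under /crypto-export/certificate")
    # Drop whitespace or line breaks an editor may have introduced.
    b64 = "".join(node.text.split())
    try:
        der = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"certificate element is not valid base64: {exc}") from exc
    # A DER-encoded X.509 certificate is an ASN.1 SEQUENCE (first byte 0x30).
    if not der.startswith(b"\x30"):
        raise ValueError("decoded data does not start with a DER SEQUENCE")
    clean = base64.b64encode(der).decode("ascii")
    # PEM bodies are wrapped at 64 characters per line (RFC 7468).
    body = "\n".join(clean[i:i + 64] for i in range(0, len(clean), 64))
    pem = f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
    return pem, hashlib.sha256(der).hexdigest()


# Constructed sample: a DER SEQUENCE header followed by filler bytes.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_EXPORT = (
    b'<?xml version="1.0" encoding="utf-8"?>\n'
    b'<crypto-export version="1">\n'
    b'    <certificate version="1">' + base64.b64encode(SAMPLE_DER) +
    b'</certificate>\n'
    b'</crypto-export>\n'
)

if __name__ == "__main__":
    pem_text, fingerprint = export_to_pem(SAMPLE_EXPORT)
    print(pem_text, end="")
    print("SHA-256 of DER:", fingerprint)
```
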


3. Is it possible to increase the number of transactions in the probe history?

Yes, to do that, just go to Objects > Service Configuration > Multi-Protocol Gateway (or Web Service Proxy), click on the service whose setting you wish to change, then navigate to the Probe Settings tab.

Under this tab you have the option to configure the Probe setting. The default is off, but setting this to on, you will see a new property called Transaction History. There you can configure any value between 10 and 250.

You can also set the Probe setting property to unbounded. This option will automatically record the latest 250 transactions that passed through your service (it is the same as setting the option to on and the transaction history to 250).


4. Can a Front Side Handler object be created automatically when creating a Web Service Proxy?

Yes, but you don't wanna do that... Believe it or not, it can be slower than creating them separately...

The reason is that creating a regular Web Service Proxy object using its regular interface is super practical and easy (and so is the Front Side Handler).

Another reason you may want to avoid doing this is because many companies have standards on the name of the DataPower objects, so if DataPower starts creating objects by itself, there is a great chance that you will be out of compliance with these standards.

But if you just want to know how to do that (maybe to bet on it against your friends), here is how you do it:
  1. Go to Objects > Service Configuration > Web Service Proxy > Add
  2. Under the Dynamic Endpoints tab, locate the property Auto-create Source Protocols and switch it to on. This will only work for HTTP Front Side Handlers (another reason to go with the traditional method)
  3. Once you are done with the rest of the configuration, hit Apply and come back here to tell us how DataPower created it (what IP and port did it pick?), as we weren't brave enough to try this out yet.

5. Can a service have higher priority over others?

Yes, and this is a very interesting one...

Under high load, you may want to make sure that the service responsible for the makePayment operation will have higher priority over the service responsible for checkAddress, right? To accomplish this final secret, you will have to:

  1. Go to Objects > Service Configuration > Multi-Protocol Gateway (or Web Service Proxy), and then select the service whose priority you want to raise
  2. Under the Main tab, change the Service Priority property from the default Normal to High.
  3. Done, that is it!

You think that we missed anything that could have been part of this post? Please feel free to add other tricks below!

3 comments:

  1. Your export cert works well. I can very well see all the cert info, but when it is reimported on DP, DP does not recognize it as a valid cert.

  2. Hey, Sumit! Thanks for your comment!

    Is that a password-protected certificate? If so, you will have to replicate the password in the new object (there is a way to find out what the password was if you are unsure).

    Paste the resulting certificate here so we can have a look.