
Rapidly develop secure mobile apps with IBM MobileFirst on Bluemix Containers

Creating standalone apps is fun! Think Angry Birds. But once you want to connect to an enterprise backend and provide enterprise-grade security (think a bank app), mobile app developer productivity starts dropping. Using IBM MobileFirst Platform Foundation Server, you can rapidly develop secure mobile apps. The MFP server can run on-premises or in the cloud on Bluemix Docker Containers.


  1. Rapidly develop secure mobile apps with IBM MobileFirst on Bluemix Containers
     Using IBM MobileFirst Platform Foundation server + @ajaychebbi
  2. Developers unable to focus on High-Value features
     [Diagram labels: Development, Engagement, Security, Operations]
  3. Features of High-Value Apps
       • Data Rich
       • Secure
       • Continuously Improve
       • Contextualize and Personalize
  5. Security Threats
       • Threats on your employees
       • Threats on your customers
       • of financial apps on Android have been hacked
       • of Top 100 Android apps have been hacked
       • annual cost of crime
  6. IBM MobileFirst Platform
     Speeding the development, integration and management of mobile applications and infrastructure. IBM MobileFirst Platform goes beyond mobile app UI creation to deliver mobile-optimized, standards-based middleware and tools for enterprise-grade mobile applications and services creation.
     Accelerate Web, Native, and Hybrid Development
       • Rich infrastructure, enabling developer focus on business logic
       • Preview, simulation, and testing tools for shortening development lifecycle
       • Mechanisms to industrialize app development
       • Team work facilitation and development lifecycle tools
     Facilitate App Security and Trust
       • Server-enforced authentication
       • App authenticity and user-app-device binding
       • Secure and syncable on-device storage
       • App version enforcement
     Enable User Engagement
       • Mobile-friendly enterprise integration
       • Unified push and SMS notifications
       • Geo-location and context collections and intelligence
       • Mobile-friendly integration
     Support Mobile Operations
       • Operational analytics with efficient data acquisition
       • Offline and online event management integration
       • Remote user and app control without MDM
     "Best Mobile Development Solution" as voted by SIIA members for 2013 CODiE Awards
  7. Enterprise Integration
     MobileFirst foundation server provides a single secure point of integration into the Enterprise that speeds integration and enables management of mobile solutions.
     [Diagram labels: IBM MobileFirst SDK (Eclipse, XCode, Visual Studio, Xamarin, Android Studio etc.); Firewall; MobileFirst Server; backend integration over HTTP(S), Database, WebService, REST, JMS, MQ, File, FTP, SAP, Siebel; Existing Integration Hub (JDBC, Web Service, JMS, JSON); Enterprise Applications]
  8. Secure Mobile Apps
     Protect enterprise data from mobile exploits
     User Authentication
       • Plugs into existing enterprise security systems with a variety of authentication methods
       • Certificate-based, Touch ID, LDAP server, Social (OAuth)
       • Multi-factor authentication
       • Disable app version, specific user or devices through console
     App management
       • Version Enforcement
       • Remote Disable
     App Authenticity
       • Verify app identity; protect brand reputation, intellectual property, and back-end data
     Encrypt Local Data
       • Leverage user identity to encrypt and retrieve data stored locally on the device
     Application Scanning
       • Find code vulnerabilities complete with remediation assistance
  9. IBM MobileFirst Platform: Security Features Mapping
     Proactively enforce security updates
       • Remote disable
       • Direct update
     Provide robust authentication and authorization to secure users
       • Authentication integration framework
       • Data protection realms
       • Coupling device id with user id
     Streamline corporate security approval processes
       • Mobile platform as a trust factor
     Protect from Known Application Security Threats
       • Code obfuscation
       • SSL with server identity verification
       • Proven platform security
       • Jailbreak and malware detection
       • App authenticity testing
     Protect data on the device
       • Encrypted cache / DB
       • Offline authentication
       • Secure challenge-response on startup
  10. Controlled back-end integration using Adapters
      From multiple point-to-point integrations
        • Multiple sets of integrations to enterprise resources to build and maintain
        • YOU manage caching, synchronization and end-to-end encryption
      To streamlined, transparent access
        • MFP transforms enterprise data into mobile-friendly, JSON format
        • MFP Server manages caching, data synchronization and end-to-end encryption
      [Diagram labels: ERP, Engine, App, DB, Cloud Service; HTTP (REST, SOAP), JMS, SQL, SAP, HTTP, CAST IRON; MFP Adapters; MFP SERVER; JSON; Blackberry, Apple]
  11. Disable or Notify the end user
  12. IBM MobileFirst: Programmable Security Concepts
        • Security Tests: A security test defines a security configuration for a protected resource.
        • Authentication realms: Resources are protected by authentication realms. Authentication processes can be interactive or non-interactive.
        • Authenticators and login modules: An authenticator collects client credentials. A login module validates them.
  13. Adapters can point to security tests

          <!-- Excerpt from the adapter XML descriptor -->
          <displayName>MyBankAdapter</displayName>
          <description>MyBankAdapter</description>
          <connectivity>
              <connectionPolicy xsi:type="http:HTTPConnectionPolicyType">
                  <!-- The sample back end is reached over plain HTTP on port 80 -->
                  <protocol>http</protocol>
                  <domain>rss.cnn.com</domain>
                  <port>80</port>
              </connectionPolicy>
              <loadConstraints maxConcurrentConnectionsPerNode="2" />
          </connectivity>
          <!-- Only getDriveLogin names a security test -->
          <procedure name="getDriveLogin" securityTest="Adapter-securityTest" />
          <procedure name="getAccounts" />
          <procedure name="getTransactions" />
          <procedure name="getTransferFunds" />

  14. Security Configuration is under the project

          <!-- The security test referenced by the adapter procedure -->
          <securityTests>
              <customSecurityTest name="Adapter-securityTest">
                  <test realm="SampleAppRealm" isInternalUserID="true"/>
              </customSecurityTest>
          </securityTests>
          <!-- Despite the name StrongAuth, NonValidatingLoginModule accepts
               whatever credentials the authenticator passes to it -->
          <loginModules>
              <loginModule name="StrongAuth">
                  <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
              </loginModule>
          </loginModules>
          <!-- The realm pairs a form-based authenticator with that login module -->
          <realms>
              <realm name="SampleAppRealm" loginModule="StrongAuth">
                  <className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
              </realm>
          </realms>

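  15. Code the app side challenge handler

          // Method of the app's custom ChallengeHandler subclass (registered on slide 16).
          public override void HandleChallenge(WorklightResponse challenge)
          {
              Console.WriteLine("We were challenged.. so we are handling it");

              // Credentials are hard-coded here, as on the slide;
              // a real app would collect them from the user.
              Dictionary<String, String> parms = new Dictionary<String, String>();
              parms.Add("j_username", "bigboss");
              parms.Add("j_password", "password");

              // Answer the form-based realm by posting the credentials to j_security_check.
              LoginFormParameters = new LoginFormInfo("j_security_check", parms, null, 30000, "post");
              shouldSubmitLoginForm = true;
          }
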
  16. Configure on connect to MobileFirst

          public async void Connect()
          {
              // Send a message to the server
              client.Analytics.Log("Trying to connect to server", metadata);

              // Register the handler for the realm's challenges before connecting
              ChallengeHandler customCH = new CustomChallengeHandler(appRealm);
              client.RegisterChallengeHandler(customCH);
              WorklightResponse task = await client.Connect();

              // Log to the local client (not the server)
              client.Logger("Xamarin").Trace("connection");

              // Write the connection status to the server
              client.Analytics.Log("Connect response : " + task.Success);
              //return task;
          }

  17. Deployment on Bluemix Containers – Quick start
      [Diagram labels: container registry, image, run; MFPF all inclusive starter container with Public IP, Admin Console, Admin Service, Mobile Browser Simulator, Analytics Service, Analytics Console, Derby, MFPF Runtime; Cloudant, Data Proxy]
  18. Demo
  19. Deployment of configurable image
      [Diagram labels: hub.docker.com; dockerfile; ubuntu image, java runtime, liberty runtime, MFPF runtime, Customers MFP projects; customers image; local registry; containers]
      Scripts shown on the slide:
        • ./prepareserverdbs.sh
        • ./prepareserver.sh
        • ./prepareanalytics.sh
        • ./startserver.sh
        • ./startanalytics.sh
  20. Configurable image topology
      [Diagram labels: Go Router; MFPF Container (Admin Console, Admin Service, MFPF Runtime); Analytics Container (Analytics Service, Analytics Console); Cloudant, Dataproxy, Database Service; admin; "Depends on"]
  21. Developer support
      http://stackoverflow.com/questions/tagged/mobilefirst
  22. Resources
        • Home (documentation, blogs, downloads etc.): http://developer.ibm.com/mobilefirst
        • MobileFirst Getting Started (ready-made samples, tutorials etc.): https://developer.ibm.com/mobilefirstplatform/documentation/getting-started-7-1/
        • IBM MobileFirst Support: http://stackoverflow.com/questions/tagged/mobilefirst
        • Quick Start on Bluemix: http://ibm.co/1PdScm5