ajay-chebbi
Rapidly develop secure mobile apps with IBM MobileFirst on Bluemix Containers
Using IBM MobileFirst Platform Foundation server
+
@ajaychebbi
1
Development
Engagement
Security
Operations
Developers unable to focus on High-Value features
2
Data Rich
Secure
Continuously Improve
Contextualize and Personalize
Features of High-Value Apps
3
BUILD, INTEGRATE & SCALE WITH MODULAR SERVICES
IBM MobileFirst Platform
IBM MobileFirst Protect
SECURE & MANAGE DEVICES, APPS, CONTENT & TRANSACTIONS
TRANSFORM YOUR BUSINESS
IBM MobileFirst Solutions
ENGAGE YOUR CLIENTS IN NEW WAYS
IBM MobileFirst Engage
4
Threats on your employees
Threats on your customers
of financial apps on Android have been hacked
of Top 100 Android apps have been hacked
annual cost of crime
Security Threats
5
Speeding the development, integration and management of mobile applications and infrastructure
IBM MobileFirst Platform goes beyond mobile app UI creation to deliver mobile optimized, standards-based, middleware and tools for enterprise-grade mobile applications and services creation
Accelerate Web, Native, and Hybrid Development
• Rich infrastructure, enabling developer focus on business logic
• Preview, simulation, and testing tools for shortening development lifecycle
• Mechanisms to industrialize app development
• Team work facilitation and development lifecycle tools
Facilitate App Security and Trust
• Server-enforced authentication
• App authenticity and user-app-device binding
• Secure and syncable on-device storage
• App version enforcement
Enable User Engagement
• Mobile-friendly enterprise integration
• Unified push and SMS notifications
• Geo-location and context collections and intelligence
• Mobile-friendly integration
Support Mobile Operations
• Operational analytics with efficient data acquisition
• Offline and online event management integration
• Remote user and app control without MDM
"Best Mobile Development Solution" as voted by SIIA members for 2013 CODiE Awards
IBM MobileFirst Platform
6
MobileFirst foundation server provides a single secure point of integration into the Enterprise that speeds integration and enables management of mobile solutions
[Diagram labels: IBM MobileFirst SDK; Eclipse, XCode, Visual Studio, Xamarin, Android Studio etc; MobileFirst Server; Firewall; Existing Integration Hub; backend integration; HTTP(S), Database, WebService, REST, JMS, MQ, File, FTP, SAP, Siebel; JDBC, Web Service, JMS, JSON; Enterprise Applications]
Enterprise Integration
7
User Authentication
• Plugs into existing enterprise security systems with a variety of authentication methods
• Certificate-based, Touch ID, LDAP server, Social (OAuth)
• Multi-factor authentication
• Disable app version, specific user or devices through console
App management
Version Enforcement
Remote Disable
App Authenticity
• Verify app identity; protect brand reputation, intellectual property,
and back-end data
Encrypt Local Data
• Leverage user identity to encrypt and retrieve data stored locally
on the device
Application Scanning
• Find code vulnerabilities complete with remediation assistance
Protect enterprise data from mobile exploits
Secure Mobile Apps
8
Proactively enforce security updates
Remote disable
Direct update
Provide robust authentication and authorization to secure users
Authentication integration framework
Data protection realms
Coupling device id with user id
Streamline corporate security approval processes
Mobile platform as a trust factor
Protect from Known Application Security Threats
Code obfuscation
SSL with server identity verification
Proven platform security
Jailbreak and malware detection
App authenticity testing
Protect data on the device
Encrypted cache / DB
Offline authentication
Secure challenge-response on startup
IBM MobileFirst Platform: Security Features Mapping
9
From multiple point-to-point integrations
• Multiple sets of integrations to enterprise resources to build and maintain
• YOU manage caching, synchronization and end-to-end encryption
To streamlined, transparent access
• MFP transforms enterprise data into mobile-friendly, JSON format
• MFP Server manages caching, data synchronization and end-to-end encryption
[Diagram labels: ERP, Engine, App DB, HTTP (REST, SOAP), JMS, SQL, SAP, HTTP, CAST IRON, JSON, MFP Adapters, MFP SERVER, Blackberry, Apple]
Controlled back-end integration using Adapters
10
[Diagram labels: Cloud Service]
Disable or Notify the end user
11
IBM MobileFirst: Programmable Security Concepts
Security Tests: A security test defines a security configuration for a protected resource.
Authentication realms: Resources are protected by authentication realms. Authentication processes can be interactive or non-interactive.
Authenticators and login modules: An authenticator collects client credentials. A login module validates them.
12
<displayName>MyBankAdapter</displayName>
<description>MyBankAdapter</description>
<connectivity>
    <connectionPolicy xsi:type="http:HTTPConnectionPolicyType">
        <protocol>http</protocol>
        <domain>rss.cnn.com</domain>
        <port>80</port>
    </connectionPolicy>
    <loadConstraints maxConcurrentConnectionsPerNode="2" />
</connectivity>
<!-- Only getDriveLogin names a security test; the other procedures carry no securityTest attribute. -->
<procedure name="getDriveLogin" securityTest="Adapter-securityTest" />
<procedure name="getAccounts" />
<procedure name="getTransactions" />
<procedure name="getTransferFunds" />
Adapters can point to security tests
13
<securityTests>
    <customSecurityTest name="Adapter-securityTest">
        <test realm="SampleAppRealm" isInternalUserID="true"/>
    </customSecurityTest>
</securityTests>
<loginModules>
    <!-- NonValidatingLoginModule accepts whatever credentials the authenticator passes; it performs no validation. -->
    <loginModule name="StrongAuth">
        <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
    </loginModule>
</loginModules>
<realms>
    <realm name="SampleAppRealm" loginModule="StrongAuth">
        <className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
    </realm>
</realms>
Security Configuration is under the project
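An added example, not from the original slides or from IBM's tooling: a small Python audit that follows each adapter procedure from its securityTest to the realm and login module configured above, and flags procedures that name no security test, login modules that validate nothing, and a cleartext back-end connection. The sample XML is constructed from the slide excerpts; the `adapter` and `authConfig` wrapper elements and the function name `audit` are assumptions made so the fragments parse on their own.

```python
import xml.etree.ElementTree as ET

# Constructed from the slide excerpts; <adapter>/<authConfig> wrappers are assumptions.
ADAPTER_XML = """<adapter>
  <connectivity><connectionPolicy><protocol>http</protocol>
    <domain>rss.cnn.com</domain><port>80</port></connectionPolicy></connectivity>
  <procedure name="getDriveLogin" securityTest="Adapter-securityTest"/>
  <procedure name="getAccounts"/><procedure name="getTransactions"/>
  <procedure name="getTransferFunds"/>
</adapter>"""

AUTH_XML = """<authConfig>
  <securityTests><customSecurityTest name="Adapter-securityTest">
    <test realm="SampleAppRealm" isInternalUserID="true"/>
  </customSecurityTest></securityTests>
  <realms><realm name="SampleAppRealm" loginModule="StrongAuth">
    <className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
  </realm></realms>
  <loginModules><loginModule name="StrongAuth">
    <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
  </loginModule></loginModules>
</authConfig>"""

def audit(adapter_xml, auth_xml):
    """Return a sorted list of (subject, finding) tuples."""
    adapter, auth = ET.fromstring(adapter_xml), ET.fromstring(auth_xml)
    tests = {t.get("name"): [x.get("realm") for x in t.iter("test")]
             for t in auth.iter("customSecurityTest")}
    realms = {r.get("name"): r.get("loginModule") for r in auth.iter("realm")}
    modules = {m.get("name"): m.findtext("className", "")
               for m in auth.iter("loginModule")}
    findings = []
    if adapter.findtext(".//protocol", "").strip().lower() == "http":
        findings.append(("connectionPolicy", "cleartext http to back end"))
    for proc in adapter.iter("procedure"):
        name, test = proc.get("name"), proc.get("securityTest")
        if test is None:
            findings.append((name, "no securityTest attribute"))
        elif test not in tests:
            findings.append((name, "securityTest not defined: " + test))
        else:
            for realm in tests[test]:
                cls = modules.get(realms.get(realm), "")
                if cls.endswith("NonValidatingLoginModule"):
                    findings.append((name, "realm %s does not validate credentials" % realm))
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join("%s: %s" % f for f in audit(ADAPTER_XML, AUTH_XML)))
```

A procedure flagged for having no securityTest attribute should be checked against whatever default protection the server version applies.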
14
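// Called when the server challenges the client for the realm this handler is registered for.
public override void HandleChallenge(WorklightResponse challenge)
{
    Console.WriteLine ("We were challenged.. so we are handling it");
    // Credentials are hard-coded for the demo; a real handler would collect them from the user.
    Dictionary<String, String> parms = new Dictionary<String, String> ();
    parms.Add ("j_username", "bigboss");
    parms.Add ("j_password", "password");
    // Submit the form-based login to j_security_check as a POST.
    LoginFormParameters = new LoginFormInfo ("j_security_check", parms,
        null, 30000, "post");
    shouldSubmitLoginForm = true;
}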
Code the app side challenge handler
15
public async void Connect()
{
    // Send a message to the server
    client.Analytics.Log ("Trying to connect to server", metadata);
    // Register the challenge handler for the app realm before connecting
    ChallengeHandler customCH = new CustomChallengeHandler (appRealm);
    client.RegisterChallengeHandler (customCH);
    WorklightResponse task = await client.Connect ();
    // Log to the local client (not the server)
    client.Logger ("Xamarin").Trace ("connection");
    // Write the connection status to the server
    client.Analytics.Log ("Connect response : " + task.Success);
    //return task;
}
Configure on connect to MobileFirst
16
[Diagram labels: Public IP; Admin Console; Admin Service; Mobile Browser Simulator; Analytics Service; Analytics Console; Derby; MFPF all inclusive starter container; Cloudant DataProxy; MFPF Run time]
Deployment on Bluemix Containers – Quick start
17
[Diagram labels: container, registry, image, run]
Demo
18
[Diagram labels: local registry; containers; customers image; dockerfile; ubuntu image; java runtime; liberty runtime; MFPF runtime; Customers MFP projects]
./prepareserverdbs.sh
./prepareserver.sh
./prepareanalytics.sh
./startserver.sh
./startanalytics.sh
Deployment of configurable image
hub.docker.com
19
[Diagram labels: MFPF Container (Admin Console, Admin Service, MFPF Runtime); Analytics Container (Analytics Service, Analytics Console); Go Router; Cloudant Dataproxy; Database Service; admin; Depends on]
Configurable image topology
20
Developer support
http://stackoverflow.com/questions/tagged/mobilefirst
21
Resources
Home (documentation, blogs, downloads etc...)
http://developer.ibm.com/mobilefirst
MobileFirst Getting Started (ready made samples, tutorials etc)
https://developer.ibm.com/mobilefirstplatform/documentation/getting-started-7-1/
IBM MobileFirst Support
http://stackoverflow.com/questions/tagged/mobilefirst
Quick Start on Bluemix
http://ibm.co/1PdScm5
22