Trading AS2 with the DataPower Gateway - Capabilities

Transcription

Trading AS2 with the DataPower Gateway - Capabilities
Lab HYI9533
Trading AS2 with the DataPower Gateway
z
February 2016 edition
NOTICES
This information was developed for products and services offered in the USA.
IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for
information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended
to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does
not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of
any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does
not grant you any license to these patents. You can send license inquiries, in writing, to:
IBM Director of Licensing
IBM Corporation
North Castle Drive, MD-NC119
Armonk, NY 10504-1785
United States of America
The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law:
INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND,
EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT,
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in
certain transactions, therefore, this statement may not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these
changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the
program(s) described in this publication at any time without notice.
Any references in this information to non-IBM websites are provided for convenience only and do not in any manner serve as an endorsement of
those websites. The materials at those websites are not part of the materials for this IBM product and use of those websites is at your own risk.
IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.
Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly
available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related
to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.
This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the
examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names
and addresses used by an actual business enterprise is entirely coincidental.
TRADEMARKS
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many
jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is
available on the web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml.
Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in
the United States, and/or other countries.
Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in the United States, other countries, or both and is used under
license therefrom.
Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are
trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
IT Infrastructure Library is a Registered Trade Mark of AXELOS Limited.
ITIL is a Registered Trade Mark of AXELOS Limited. Java and all Java-based trademarks and logos are trademarks or registered trademarks of
Oracle and/or its affiliates. Linear Tape-Open, LTO, the LTO Logo, Ultrium, and the Ultrium logo are trademarks of HP, IBM Corp. and Quantum
in the U.S. and other countries. Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Microsoft,
Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.
UNIX is a registered trademark of The Open Group in the United States and other countries.
© Copyright International Business Machines Corporation 2015.
This document may not be reproduced in whole or in part without the prior written permission of IBM.
US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Table of contents
Introduction .............................................................................................................................. 1
B2B Scenario Overview ........................................................................................................... 3
Configuration of DataPower for B2B....................................................................................... 5
Identify the IBM DataPower Gateway (IDG) IP Address ......................................................... 5
Logon to the DataPower Web GUI ......................................................................................... 6
Create a Host Alias................................................................................................................. 6
Configure Log Level in the STUDENT Domain to set it to Debug ........................................... 8
Configure Trading Partner Profiles ......................................................................................... 9
Configure Your Company’s Profile (Internal) ..................................................................... 10
Configure Your Partner’s Profile (External) ....................................................................... 13
Configure the “HubOwner” B2B Gateway ............................................................................. 17
Test Trading Outbound XML Documents ............................................................................. 25
Test Scenario One: Outbound XML from Student to Partner ................................................ 25
Test Scenario Two: Outbound XML Failure from Student to Partner..................................... 29
Adding AS security to the existing configuration ................................................................ 33
AS Security Overview ........................................................................................................... 33
Internal Partner Profile – AS Security ................................................................................... 34
External Partner Profile – AS Security .................................................................................. 39
Test Scenario Three: Inbound EDI-X12 from Partner to Student .......................................... 43
Resource guide ...................................................................................................................... 51
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
I
Introduction
This lab uses two VMWare images; image 1 (HYI9533_IC16_VM1) is The DataPower V7.2.0.2
Runtime with the B2B Module enabled, image 2 (HYI9533_IC16_VM2) is a Windows Base
image which contains the student files, utilities and the browser we are using to connect to the
DataPower image. Please be sure both images are running before starting the lab exercises.
This base lab is designed to be executed in 45 minutes. You can optionally test the
configuration by following the testing process listed in this document; it will take between 5 and
10 minutes. This lab also gives you the option of configuring and testing AS2 data security
which will take an additional 15 to 30 minutes.
This document contains the steps involved in configuring the IBM DataPower Gateway B2B
Option to trade AS2 messages with your trading partners; more specifically, it covers the three
exercises below:
1. Configuration of DataPower for B2B

Login to DataPower, create a Host Alias and set the Log Level

Configuration of trading partner profiles

o
Creation of your internal profile which comprises of your company’s trading
information
o
Creation of the trading partner’s external profile which comprises of your
partner’s trading information
Configuration of the B2B Gateway Service for trading AS2 messages
o
Creation of an AS2 Front-side Protocol Handler to be used for receiving AS2
messages from trading partners
o
Creation of an HTTP Front-side Protocol Handler to be used for receiving
files from the simulated back-end system
o
Association of profiles with the B2B Gateway
o
Configuration of a data archive process to keep the system free of outdated
B2B transaction data
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
1
2. Scenario testing and viewing transactions

Trade Outbound AS2/XML with an external partner

Trade Outbound AS2 to invalid partner to show failure

Use the B2B Viewer to see the state of your transactions
3. Adding AS security to the existing configuration

Configuration of AS data security for signing, verification, encryption and decryption
of payload data for each profile

Receive Inbound AS2/EDI from an external partner and view the transactions in the
B2B Viewer
For the purpose of the lab, we will be configuring a B2B Gateway Service in a single domain
named STUDENT which will act as the Student’s B2B gateway. The Partner’s B2B gateway is
pre-configured in its own domain named PARTNER and is used to allow us to simulate a
Trading Partner without the need for another instance of software. Additionally, we will be using
a pre-configured multi-protocol gateway to simulate the receiving back-end system as well as a
utility called NetTool to simulate the sending back-end system.
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
2
B2B Scenario Overview
Data is exchanged between two trading partners; in DataPower these partners are either
Internal to the system or external to the system.
Internal Partner: The internal partner is the primary company and driving force within the hub
community. This company is responsible for the purchase and construction of the hub
community, including definition of the electronic business processes transacted between them
and their external partners. The Internal Partner’s company will be represented by a B2B
Gateway Service named “HubOwner”.
External Partner: External partners are the companies that do business with the internal
partner via the hub community. External partners must complete a configuration process to
connect to the hub community. Once connected, external partners can exchange electronic
business documents with the internal partner. The external partner’s company will be
represented by a separate Application Domain named “PARTNER” which has already been
created for you in the DataPower virtual appliance.
The objective of this lab is to show you how to configure the IBM DataPower Gateway with the
B2B Module for AS2 communication, you can also optionally test the outbound XML scenarios
to validate your configuration. Additionally, you can configure AS Security and test an inbound
EDI scenario to validate the security configuration.
In this lab we are configuring DataPower B2B to support two data flows; XML Outbound from
you to a trading partner and EDI-X12 inbound from the trading partner to you. Figures 1.0 and
1.1 illustrate each of these flows.
Figure 1.0 Outbound XML Data Flow
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
3
Figure 1.1: Inbound EDI-X12 Data Flow
NOTE: DataPower B2B is capable of supporting a wide range of B2B and MFT patterns; you
can find detailed information on AS1, AS2, AS3, ebMS B2B Patterns as well as SFTP, FTP and
E-Mail Managed File Transfer Patterns in the recently released DataPower B2B book; IBM
WebSphere DataPower SOA Appliance Handbook: 2nd Edition Volume IV: DataPower
B2B and File Transfer. This book is available in the Interconnect 2016 Book Store or from
Amazon at http://amzn.to/1mfyPjP
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
4
Configuration of DataPower for B2B
This section provides you with the step-by-step instructions on how to configure DataPower to
trade AS2 documents between yourself and an external trading partner. DataPower comes in
two form factors; a hardware appliance that provides unappalled performance security and a
virtual appliance that allows you to run in supported virtual or cloud environments like VMWare
ESX, Citrix Xen, IBM PureSystems, IBM Softlayer or Amazon EC2. For the B2B exercises in
this lab we are running IBM DataPower Virtual Appliance with the B2B Module enabled on
VMWare Workstation.
Identify the IBM DataPower Gateway (IDG) IP
Address
1. Click into the HYI9533_IC16_VM1 image in the VMWare Console and login to
DataPower as admin with a password of admin1.
2. At the idg# command line prompt type show int (this will display the IP addresses for
each interface). Take note of the IP address next to eth0 (Figure 2.0 is an example of
what the DataPower interface view looks like; the IP addresses may be different than the
picture. The eth0 address you see in your DataPower VM will be the address used
when we configure the Host Alias object and when we test the configuration using the
NetTool utility.
Figure 2.0: DataPower Server Login
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
5
Logon to the DataPower Web GUI
1. Launch Firefox from the HYI9533_IC16_VM2 image and log on to DataPower’s Web
GUI using the following URL: https://{IDG_IPAddress}:9090 where {IDG_IPAddress} is
the IP Address of eth0 from your DataPower VMWare image. NOTE: If a warning about
the URL pops up, accept the URL as valid and add an exception.
2. Login to the DataPower web GUI Console using admin for the User Name, admin1 for
the Password and select default from the drop down for the Domain. The login will
look like Figure 2.1.
Figure 2.1: DataPower Console Login in HYI9533_IC16_VM2
Create a Host Alias
1. To create a Host Alias object, in the left navigation menu of the DataPower Web GUI, type host
in the search box and then select Host Alias from the search result (See Figure 2.2).
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
6
Figure 2.2: DataPower Host Alias
2. In the Configure Host Alias view, you will see a table that houses all of the aliases
associated with this appliance. Click on the Add (1) button to add a new host alias
object.
3. Name the host alias IDG (2) and use the IP address (3) of eth0 from your DataPower
VMWare image. TIP: Look at the URL in the browser; it contains the IP address.
4. Click on the Apply (4) button to complete the configuration of the Host Alias object.
5. After you click on the Apply button, click on Save Configuration in the upper right
corner of the DataPower web GUI to make the configuration persistent.
6. Click on the word Control Panel in the upper left corner of the left navigation menu to
return to the Control Panel view.
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
7
Figure 2.3 is an example of what the Configure Host Alias screen looks like.
Figure 2.3 Configure Host Alias
Configure Log Level in the STUDENT Domain to
set it to Debug
By default your Domain log levels are set to error; to make it easier to trouble shoot issues as
they arise please change into the STUDENT Domain and set your log levels to debug.
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
8
NOTE: Debug should not be used during the normal operation of the appliance; it should only
be used when testing or trying to isolate a specific issue.
1. From the Control Panel click on the Domain drop down and select the STUDENT
Domain as seen in Figure 2.4.
Figure 2.4 Change Domain to STUDENT
2. In the STUDENT Domain’s Control Panel click on the Troubleshooting icon.
3. In the Logging section of the Troubleshooting Panel drop down the log level,
choose debug and click on Set Log Level as seen in Figure 2.5.
Figure 2.5 Set Log Level to debug
4. Click on Confirm and Close in the Execute Action boxes in the pop up dialog.
5. Click on Save Configuration in the upper right corner of the DataPower Web GUI to
make the configuration persistent.
6. Click on the word Control Panel in the upper left corner of the left navigation menu to
return to the Control Panel view.
Configure Trading Partner Profiles
The B2B Partner Profile is the configuration object where the trading partner information is
defined. This information includes the profile name, profile type, business IDs, AS security,
destinations for document routing, and contact information. For the purpose of this lab we will
only configure the required settings in the profile; the Main and Destinations tabs. A trading
relationship consists of, at minimum, one internal and one external profile. For more detailed
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
9
information on Profile types, please refer to section 7.1.1 in the XB60 Redbook which can be
found at http://www.redbooks.ibm.com/abstracts/sg247745.html?Open
Configure Your Company’s Profile (Internal)
1. To create your internal profile click on B2B Partner Profile from the Control Panel.
If you are not in the Control Panel click on it in the left navigation menu.
2. In the Configure B2B Partner Profile view, click on the Add button.
3. Configure the Partner Profile Main tab (see Figure 2.6 below).
a. In the Name field enter a descriptive name for your Internal Profile; for this lab use
Student.
b. Choose enabled in the Administrative State field.
c. Optionally add comments that describe this profile.
d. Choose Internal in the Profile Type field.
e. In the Partner Business IDs field enter your two ID’s; for this lab use student
and zzstudent, type in the ID and click on the add button to place each business ID
in the list.
f.
Take the default values for all other fields.
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
10
Figure 2.6 Configure Internal B2B Partner Profile – Main tab
4. Skip the AS Setting and ebMS Settings tabs.
5. Configure the Partner Profile Destinations tab (See Figure 2.7 below).
a. Click on the Destinations tab; the Name field will carry over to the
Destinations screen, please do not change it.
b. In the Destinations section click on the Add button to add a destination to this
profile. Since this profile is an internal profile the destination will typically be a
system or application inside your private network. For the purpose of this lab we will
integrate with HTTP to a simulated back-end system that has been created for you.
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
11
c. Enter a descriptive name in the Destination Name field; for the purpose of this lab
use HTTP_Backend.
d. Leave all of the boxes checked in the Enable Document Type section; this will
allow your internal profile to accept and produce all supported file types.
e. In the Connection section use the drop down to select http:// as the
Destination URL Type and use 127.0.0.1:30000 as the address. (NOTE: We are
using the local host address since our simulated backend is on the same DataPower
instance being used for this lab)
f.
Change the Connection Timeout to 120 seconds.
g. Be sure the User Name is blank and Password Alias is set to none since we
are not using Basic Auth.
h. Click on the Apply button inside the Destinations box to return to the Destination
List. (NOTE: You may need to scroll back to the top of the page after creating the
destination to see the configured fields)
Figure 2.7 Configure Internal B2B Partner Profile – Destinations tab
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
12
6. Skip the Contacts tab and click on the Apply button in the upper left side of the profile to
save it to the profile list.
7. Click on the Save Configuration link in the upper right corner of the web GUI to persist the
configuration.
You have just completed the creation and configuration of your internal
profile; required to complete your side of the trading relationship.
Configure Your Partner’s Profile (External)
1. After creation of the internal profile click on B2B Partner Profile next to the word
Configure at the top of the screen to get back in the B2B Partner Profile list view.
2. Click on the Add button to configure a new profile.
a. Configure the Partner Profile Main tab in the same fashion you did for the internal
profile using the information that follows. (See Figure 2.8)
b. In the Name field enter a descriptive name for your partner’s External Profile; for this
lab use Partner.
c. Choose enabled in the Admin State field.
d. Optionally add comments that describe this profile.
e. Choose External in the Profile Type field.
f.
In the Partner Business IDs field enter your two ID’s; for this lab use partner
and zzpartner, type in the ID and click on the Add button to add each business ID to
the list.
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
13
Figure 2.8 Configure External B2B Partner Profile – Main tab
3. Skip the AS Settings and ebMS Settings tab
4. Configure the Partner Profile Destinations tab (See Figure 2.9).
a. The Name field will carry over into the Destinations tab, please do not change it
b. In the Destinations section click on the Add button to add a destination to this
profile. Since this profile is an external profile the destination will be a trading
partner’s Internet URL. For the purpose of this lab we will use the AS2 B2B
Messaging protocol to protect the data over the Internet.
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
14
c. Enter a descriptive name in the Destination Name field; for the purpose of this lab
use Partner_AS2.
d. Leave all of the boxes checked in the Enable Document Type section; this will
allow this profile to accept and produce all supported file types.
e. In the Connection section, use the drop down to select as2:// as the
Destination URL Type and use 127.0.0.1:30002 as the address. (NOTE: We are
using the local host address since our simulated partner hub is on the same XB62
system being used for this lab)
f.
Change the Connection Timeout to 120 seconds.
g. Be sure the User Name is blank and Password Alias is set to none since we
are not using Basic Auth.
h. In the AS Outbound Security section, place a check in the Send Messages
Unsigned box.
i.
Leave the Encrypt Messages field unchecked.
j.
In the Advanced AS Behavior section, leave the Binary Transfer field set to
Auto Detect.
k. Leave the Compress Messages box unchecked.
l.
Place a check in the box next to the Request MDN field; this will make additional
MDN fields visible; this will allow us to request a MDN back from the partner verifying
they received the file.
m. Set the Time to Acknowledge field to 120; since we are using sync MDNs we
want the timeout to be smaller then the default of 30 minutes (1800 ms)
n. Leave the Request Asynchronous MDN field unchecked.
o. Leave the Request Signed MDN field unchecked.
p. Leave the Attempt Message Retransmission box unchecked. (NOTE: This
setting is used if we want to configure automatic resends based on reception of an
MDN before the Time to Live setting is exceeded)
q. Click on the Apply button inside the Destinations box to return to the Destination
List. (NOTE: You may need to scroll back to the top of the page after creating the
destination to see the configured fields)
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
15
Figure 2.9 Configure External B2B Partner Profile – Destinations tab
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
16
5. Skip the Contacts tab and click on the Apply button in the upper left side of the profile
to save it to the profile list.
6. Click on the Save Configuration link in the upper right corner of the web GUI to persist
the configuration.
7. After creation of both profiles click on B2B Partner Profile next to the word Configure at
the top of the screen to get back in the B2B Partner Profile list view. When both
profiles are added correctly you will see a Profile list view similar to Figure 2.10.
Figure 2.10 B2B Partner Profile List View
You have just completed the creation and configuration of your
internal and external profiles; both are required at minimum for
exchanging files between partners. Additional External partners can
be added to expand your trading partner community.
Configure the “HubOwner” B2B Gateway
Your B2B Gateway is going to be the primary B2B hub and is depicted in the scenarios as the
owner of the IBM DataPower Gateway Appliance. This “Student” B2B Gateway will be
configured to trade with a single partner’s B2B hub, the partner’s B2B hub could be any AS2
Interoperable product; however, for the purpose of this exercise we have simulated the partner’s
B2B hub in a separate domain on the same DataPower Virtual Appliance being used for this
lab.
1. From the Control Panel click on B2B Gateway Service. If you are not in the Control
Panel click on it in the left navigation menu.
2. In the Configure B2B Gateway view, click on the Add button.
3. Configure the Main tab (See Figure 2.11).
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
17
a. Enter the B2B Gateway name in the Name field; for the purpose of this lab use
HubOwner.
b. Choose enabled in the Admin State field.
c. Optionally add comments that describe this gateway.
d. Take the defaults for the Document Storage Location and XML Manager
fields.
2.11 Configure B2B Gateway – Main Tab - General Configuration
e. In the Document Routing section of the Main tab create and configure an AS2
Front Side Handler; this handler will be used to receive AS2 messages and MDNs
from the trading partner (See Figure 2.12).
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
18
i. Click on the Plus Sign (+) inside the Front Side Protocol Handlers
box to create a new handler.
ii. Choose AS2 Front Side Handler from the list of handlers.
iii. In the Main tab, Name field enter AS2_Listener.
iv. Choose enabled in the Admin State field.
v. Optionally add comments that describe this handler.
vi. Click on the Select Alias button in the Local IP Address field and select
IDG; click on the Apply button in the box to apply it.
vii. In the Port Number field enter 30010.
viii. Take the default values for all other fields and click on the Apply button at the
top of the Configure AS2 Front Side Handler screen.
ix. Click on the Add button next to the green plus sign in the Front Side
Protocol Handler box to add the listener to the Front Side Protocol
Handler list.
Figure 2.12 Configure B2B Gateway – Main Tab - Configure AS2 Front Side Handler
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
19
f.
In the Document Routing section create and configure an HTTP Front Side
Handler; this handler will be used to receive files from your back-end (See Figure
2.13).
i. Click on the Plus Sign (+) to create a new handler.
ii. Choose HTTP Front Side Handler from the list of handlers.
iii. In the Main tab, Name field enter HTTP_Listener.
iv. Choose enabled in the Admin State field.
v. Optionally add comments that describe this handler.
vi. Click on the Select Alias button in the Local IP Address field and select
IDG.
vii. In the Port Number field enter 30011.
viii. Take the default values for all other fields and click on the Apply button the
top of the Configure AS2 Front Side Handler screen.
ix. Click on the Add button next to the green plus sign in the Front Side
Protocol Handler box to add the listener to the Front Side Protocol
Handler list.
Figure 2.13 Configure B2B Gateway – Main Tab - Configure HTTP Front Side Handler
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
20
g. In the Attach Partner Profiles section click on the drop down, select Partner
and click on the Add button in the Active Partner Profiles box, click on the
drop down again, select Student and click on Add button again; this associates the
profiles you created earlier in the exercise to your B2B Gateway.
h. Skip Active Profile Groups
The completed Main tab for the B2B Gateway should look like figure 2.14 below:
Figure 2.14 Completed B2B Gateway Main Tab
4. Configure the Archive tab (See Figure 2.15). (NOTE: The Archive tab is used to
automatically keep the B2B document and metadata storage areas clean. There are two
modes; Archive and Purge and Purge Only.)
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
21
a. The Name field will carry over to the Archive screen, please do not change it.
b. In the Archive Mode field use the drop down and select Purge Only.
c. Take the defaults for all of the other fields. (NOTE: Do not click on Apply at this
time)
Figure 2.15 Configure B2B Gateway - Archive Tab
5. Configure the XML Formats tab (See Figure 2.16); this tab is used to configure the
XPath’s of the Sender and Receiver ID for XML documents that are to be processed
through this B2B Gateway.
a. The Name field will carry over to the XML Formats screen, please do not change
it.
b. In the XPath Routing Policies box click on the Plus sign (+) to add a new
XPath Routing Policy.
i. In the Configure B2B XPath Routing Policy screen, Name field
with a descriptive name; for the purpose of this lab use CustomXML.
ii. Choose enabled in the Admin State field.
iii. In the Sender XPath field use the XPath Tool button to upload the
XML file and extract the XPath we need.
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
22
iv. In the Build XPath Expression from sample XML file screen
choose the Upload button.
v. Click on Browse in the File to Upload field, navigate to the
C:\DPB2B_AS2Lab_StudentMaterials\Sample files\ directory, select the
XML file in this directory and click on Open.
vi. Click on the Upload button at the bottom left of the Upload File screen
and click on Continue in the upload success box; this will put you back
into the Build XPath Expression from sample XML file
screen.
vii. The contents of the XML file will be displayed, click on the <From>
Element and you will see the XPath in the Select XPath Expression
box.
viii. Click on the Done button to accept the XPath expression; this will put you
back into the Configure B2B XPath Routing Policy screen.
ix. For the Receiver XPath, you may use the XPath Tool or simply copy
the Sender XPath, paste it into the Receiver XPath field and change the
word From to the word To.
x. Leave the remaining XPath fields blank and click on the Apply button in
the Configure B2B XPath Routing Policy screen to save the
XPath policy; this will return you to the XPath Formats tab and you will
see the new format is the first item in the list.
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
23
Figure 2.16 Configure B2B Gateway – XML Formats
6. The Probe Settings tab is used to enable the DataPower probe for troubleshooting
processing policy when used as part of the data flow. In this example we are not using
any processing policies so we can skip this tab.
7. The Advanced tab is used to configure advanced B2B Gateway properties, like default
URL files for Async MDN’s, Gateway Priority and selecting a Document Routing
Preprocessor which is used for Binary file routing. Since we are not doing any of these
things in this lab we will not configure this tab.
8. Now that the B2B Gateway is completely configured save the Service by clicking on
the Apply button in the upper left corner of any tab. Click on Save Configuration to
persist your changes.
You have just completed the creation and configuration of your B2B
Gateway and associating it with all of the profiles and Front Side Handlers
needed to trade AS2 messages.
This concludes the configuration portion of this lab.
You can now test your configuration by following the
steps in the next section.
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
24
Test Trading Outbound XML
Documents
In this section of the lab we will be test trading an AS2/XML file transfer between your gateway
and the partner’s gateway. For both the Partner’s B2B Gateway and your B2B Gateway we are
using a simulated back-end which communicates over an http connection. For the purpose of
this lab we will send payload files the DataPower HTTP Front Side Protocol Handlers
associated with the B2B Gateways using a HTTP Utility called NetTool.
We will test a total of two outbound scenarios and view the transactions in the DataPower B2B
Transaction Viewer after each test.
Test Scenario One: Outbound XML from Student
to Partner
In this scenario you will trigger an AS2 send from the STUDENT B2B Gateway to the
PARTNER B2B Gateway by using NetTool to post an XML file to an HTTP Front Side Handler
associated with your B2B Gateway. The B2B Gateway processes the XML file as follows:

The XML File is parsed for business IDs inside the STUDENT B2B Gateway, when
found the B2B Gateway will use the information in the PARTNER profile to send the
message over AS2 to the PARTNER B2B Gateway.

The PARTNER B2B Gateway will process the AS2 message; send the raw XML file to
the simulated partner back-end, generate an AS2 Message Disposition Notification
(MDN), and send the MDN back to the STUDENT B2B Gateway.

You will view the state of the transaction in the B2B Transaction Viewer to finish this
scenario.
Figure 3.0 represents an example of the data flow used to test this scenario.
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
25
Figure 3.0 Outbound XML from STUDENT to PARTNER
1. Launch the NetTool utility by clicking on the shortcut provided for you in the Windows
Desktop of the HYI9533_IC16_VM2 VMWare image.
2. Set it to POST and enter the URL for the HTTP_Listener Front Side Protocol
Handler for your “HubOwner” B2B Gateway; Use the IP Address of eth0 from the
HYI9533_IC16_VM1 image and port 30011).
3. Click on the Load File icon and browse to the hubowner_partner.xml file which can
be found in the C:\DPB2B_AS2Lab_StudentMaterials\Sample files\ directory, load
the file into the NetTool utility.
4. Click on the Send button to post the file to your HTTP_Listener Front Side Protocol
Handler. (See Figure 3.1)
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
26
Figure 3.1 NetTool Send XML to DataPower HubOwner HTTP FSPH
1. When you send the file into the DataPower B2B Gateway from the simulated back-end,
it parses the RAW XML file, recognizes it is an XML format you defined in the B2B
Gateway and extracts the Sender and Receiver information from the file using XPath.
Figure 3.2 below shows where the sender and receiver information is located in the XML
file.
<?xml version="1.0"?>
<CustomXML>
<Route>
<To>partner</To>
<From>student</From>
</Route>
<Body>
<FILLER>
<ID>1</ID>
<Title>Reilly's Luck</Title>
<Quantity>1</Quantity>
<UnitPrice>$5.00</UnitPrice>
Figure 3.2 XML File – Trading Partner IDs
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
27
2. The B2B Gateway Service looks up the partner information and verifies that the partners
exist and are allowed to trade EDI documents; it looks at the Destination that is
configured for the destination Partner’s profile, discovers it is AS2 and packages the
payload in an AS2 envelope based on settings in the AS Attributes for that Destination.
3. Your B2B Gateway sends the AS2 packaged file to the Partner’s B2B hub.
4. The Partner’s B2B Gateway receives the AS2 message at the AS2 Front-side Handler
and extracts the Sender and Receiver information from the AS2 headers. Figure 3.3
shows where the sender and receiver information is located in the AS2 header.
POST /hubownerAS2in HTTP/1.1
Host: 192.168.1.4:60001
Cookie:
Via: 1.1 AQAAAJGFAHA=
X-CLIENT-IP: 213.98.90.21
Date: Wed, 28 Jan 2009 14:48:59 GMT
AS2-From: student
AS2-To: partner
AS2-Version: 1.1
Message-ID: <dc4d58be-486d-46b2-b21c-aa6506c4b933@192.168.1.4>
Subject: partner To hubowner
Disposition-Notification-To: ignored@example.com
Disposition-Notification-Options: signed-receipt-protocol=optional, pkcs7-signature; signed-receiptmicalg=optional, sha1,md5
Recipient-Address: as2://192.168.1.4:60001/hubownerAS2in
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Disposition: attachment; filename="smime.p7m"
Connection: Keep-Alive
Content-Length: 13085
Figure 3.3: Sample AS2 Message – AS2 ID’s
5. The Partner’s B2B Gateway Service unpackages the AS2 Envelope, looks up the
partner information, verifies that the partner profiles exist and is allowed to trade XML
documents; it looks at the Destination that is configured for the receiving profile and
delivers the payload.
6. The Partner’s B2B Gateway sends a MDN to your B2B Gateway, which is correlated to
the outbound AS2 message that was sent from your B2B Gateway.
7. The Partner’s B2B Gateway Service routes the XML payload to the simulated backend.
Now let’s view the transaction in the B2B Transaction Viewer (Figure 3.4). Minimize NetTool
and go back into your web Browser, click on Control Panel and then on B2B Transaction
Viewer. Once in the Transaction viewer click on the Show AS2 Only filter above the
transaction table. (NOTE: Your B2B viewer may look different from the below example)
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
28
Figure 3.4 B2B Transaction Viewer - AS2/XML Outbound
In this example, you can see that #521 was the outbound transaction sent to “Partner” and was
from “Student” and was processed by the B2B Gateway named “HubOwner”, you can see it
came into your HTTP_Listener on port 30011 and got sent to the partner profile that had an AS2
Destination. You can also see that you received a MDN from the partner in the MDN Received
and MDN Status column. If you want to see the off-the-wire inbound response, outbound
message, MDN and raw content, you can click on the Transaction Set ID (521) and choose the
appropriate file.
Test Scenario Two: Outbound XML Failure from
Student to Partner
In this scenario you will attempt to trigger an AS2 send from the STUDENT B2B Gateway by
using NetTool to post an XML file to an HTTP Front Side Handler associated with your B2B
Gateway; however this file will contain an invalid business ID. The B2B Gateway will process
the file as follows:

The XML file has an invalid business ID and will fail in your STUDENT B2B Gateway,
demonstrating that you must have a valid profile associated with your B2B gateway in
order to transport transactions to or accept transactions from trading partners.

You will view the state of the transaction in the B2B Transaction Viewer to finish this
scenario.
Figure 3.5 represents an example of the data flow used to test this scenario.
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
29
Figure 3.5 Outbound XML from Student Gateway with Business ID Failure
The failure scenario is the same as the Outbound XML test case, however, in this scenario we
will change the Business ID to an invalid value and we will send an XML document from your
B2B Gateway to the Partner; the document will fail due to a not being able to verify that the
Partner Profile exists.
The reason we are doing a failure a scenario is so you can see what a failure looks like in the
B2B Viewer. It is not as verbose as the Debug logs for the B2B Gateway but it gives you an “at
a glance” view indicating a document processing failure. There are many failure status codes
that can be displayed in the viewer depending on the failure type.
NOTE: If you are not running this immediately following Scenario One then load up the XML file
and set the URL to match Scenario One.
1. Go back into the NetTool utility; If you are running this scenario immediately following
Scenario Two then simply click on Clone in NetTool. The button will change to Send.
2. After clicking on Clone, change the value of the payload <To> element to something
invalid; for this lab, I used X. (See Figure 3.6 below)
3. After you change the <To> element click on Send to post the XML file to your B2B
Gateway over your HTTP Listener Front Side Protocol Handler.
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
30
Figure 3.6 NetTool Send XML to DataPower HubOwner HTTP FSPH with Invalid Partner ID
Now let’s view the transaction in the DataPower B2B Transaction Viewer (Figure 3.7). Minimize
NetTool and go back into your web Browser, Click on Control Panel and then on B2B
Transaction Viewer. Once in the Transaction viewer click on the Show All filter above the
transaction table. (NOTE: Your B2B viewer may look different from the below example). Note
the error in the Result code column. Since we used an invalid Business ID we received an error
when we attempted to send the file.
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
31
Figure 3.7 B2B Transaction Viewer with Transaction Failure
In this example, you can see that #533 was the outbound transaction from “Student” and was
processed by the B2B Gateway named “HubOwner”, you can see it came into the B2B Gateway
and was rejected because it had an invalid Business Id.
You just successfully tested your DataPower B2B configuration by trading
AS2 messages with a Trading Partner.
This concludes the XML testing portion of this lab. You
can now optionally add AS security to be used for
encrypting and signing AS2 messages. In a real world
implementation you would always sign and encrypt your
AS2 messages.
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
32
Adding AS security to the existing
configuration
In a previous section you configured both an internal and external partner profile; however, we
did not configure AS Security in each profile. AS Security uses S/MIME to encrypt and sign the
data that is to be transported using AS2. This section gives you a brief overview of how AS
Security works as well as step by step instructions on how to configure each partner profile to
use it.
AS Security Overview
EDIINT AS1, AS2 and AS3 data is protected using S/MIME which utilizes the X.509 Public Key
Infrastructure (PKI) providing a mechanism for protecting the data we send over the Internet as
well as providing non-repudiation of origin and receipt through the use of digital signatures.
Figure 4.0 depicts how AS security protects data that is traded between two partners:
Figure 4.0 AS Security Using PKI
The below flow represents the numbers in Figure 4.0.
1. A plain text file is sent.
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
33
2. A Hashing algorithm creates the document’s digest.
3. Student’s private key is used to encrypt the document digest creating the digital
signature.
4. The file is encrypted and the digital signature with the one-time symmetric key is
created.
5. The Partner’s public key is used to encrypt the one-time symmetric key providing a
digital envelope around the file.
6. The Partner’s private key is used to decrypt the one-time symmetric key.
7. The file is decrypted using the Partner’s private key.
8. The Student’s public key is used to decrypt and validate the digital signature.
9. A hash is created from the decrypted file and compared to the hash from the digital
signature.
10. The plain text file is successfully received.
Internal Partner Profile – AS Security
In this section we will edit the existing Student profile and add AS security to it.
1. Navigate to the Partner Profile list by clicking on B2B Partner Profile from the Control
Panel. If you are not in the Control Panel click on it in the left navigation menu.
2. In the Configure B2B Partner Profile list view click on the internal profile, in this
example it is Student. (See Figure 4.1)
Figure 4.1 Edit Student Profile
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
34
3. In the Configure B2B Partner Profile view click on the AS Settings tab. (See
Figure 4.2)
Figure 4.2 Student Profile – AS Settings tab
4. In the Inbound Security section leave the Require Signature and Require
Encryption boxes unchecked and click on the Plus Sign (+) to create a new Inbound
Decryption Identification Credential (See Figure 4.3).
a. In the Configure Crypto Identification Credentials screen, Name
field enter a descriptive name for this credential; for this lab use
Student_Decrypt.
b. Choose enabled in the Admin State field.
c. Click on the Plus Sign (+) next to the Crypto Key field to create/upload the
Crypto Key.
i. In the Configure Crypto Key screen, Name field, enter a descriptive
name for this key; for this lab use Student_Privkey.
ii. Choose enabled in the Admin State field.
iii. Click on the Upload button in the File Name field.
iv. Click on Browse in the File to Upload field, navigate to
C:\DPB2B_AS2Lab_StudentMaterials\Security and select the
student-privkey.pem file and click on Open.
v. Click on the Upload button at the bottom left of the Upload File screen
and click on Continue in the upload success box; this will put you back
into the Configure Crypto Key screen.
vi. In the Configure Crypto Key screen, click on the Plus Sign (+) next
to the Password Alias field to create a password object for the private
key, for this lab the password is datapower, enter a descriptive name for
the password alias (Private_Key_PW) and the password information in
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
35
the Password Map Alias screen and click on the Apply button to
save it.
vii. Click on the Apply button in the Configure Crypto Key, screen this
will put you back into the Configure Crypto Identification
Credentials screen.
Figure 4.3 Student Profile – AS Settings tab – Inbound Security – Crypto Key
d. Now that we are back in Configure Crypto Identification
Credentials screen, we need to upload the certificate that is associated with
the key; Click on the Plus Sign (+) next to the Certificate field to
create/upload the Crypto Certificate. (See figure 4.4)
i. In the Configure Crypto Certificate screen, Name field, enter a
descriptive name this cert; for this lab use Student_Cert (See Figure 4.4).
ii. Click on the Upload button in the File Name field.
iii. Click on Browse in the File to Upload field, navigate to.
C:\DPB2B_AS2Lab_StudentMaterials\Security and select the
student-sscert.pem file and click on Open.
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
36
iv. Click on the Upload button at the bottom left of the Upload File screen
and click on Continue in the upload success box; this will put you back into
the Configure Crypto Certificate screen.
v. In the Configure Crypto Certificate screen, leave the password
fields blank, they are not needed for the public self-signed certificate.
vi. Be sure the Ignore Expiration Dates field is set to on and click on the
Apply button; this will put you back into the Configure Crypto
Identification Credentials screen. NOTE: Typically you would not
ignore expiration dates, for the purpose of this lab we will ignore to dates.
vii. In the Configure Crypto Identification Credentials screen,
leave the Intermediate CA Certificate field empty since we are using
Self-Signed Certificates.
Figure 4.4 Student Profile – AS Settings tab – Inbound Security - Certificate
e. After both credentials are configured in the Configure Crypto
Identification Credentials screen, click on the Apply button which will
put you back into the AS Settings screen.
5. In the Outbound Security section, be sure the Sign Outbound Messages box is
checked and click on the Plus Sign (+) to create a new Outbound Signing
Identification Credential. (See Figure 4.5)
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
37
a. In the Configure Crypto Identification Credentials screen, Name
field enter a descriptive name this credential; for this lab use Student_SigID.
b. Since we already imported the Student Key and Cert in step 4 above we can
click on drop down and select the same credentials for Crypto Key and
Certificate fields to be used for outbound security.
c. In the Configure Crypto Identification Credentials screen, leave
the Intermediate CA Certificate field empty since we are using SelfSigned Certificates.
d. After both credentials are configured in the Configure Crypto
Identification Credentials screen, click on the Apply button which will
put you back into the AS Settings screen.
e. With the addition of the Signing Identification Credential, the
Signing Digest Algorithm field will now appear under the Credential field;
leave this set to sha1.
f.
Leave the Signing S/MIME Version field set to the default of v3.1.
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
38
Figure 4.5 Student Profile - Configure Outbound Security – AS Settings Tab
6. We do not need to set any of the fields in the Advanced Settings section. Now that both
the Inbound and Outbound Security sections are completed save the changes by
clicking on the Apply button in the upper left side of the AS Security tab and click on
Save Configuration to persist the changes.
External Partner Profile – AS Security
1. Navigate to the Partner Profile list by clicking on B2B Partner Profile at the top of the
screen or navigate to it from the Control Panel.
2. In the Configure B2B Partner Profile list view click on the External profile, in this
example it is Partner. (See Figure 4.6)
Figure 4.6 Edit Partner Profile
3. In the Configure B2B Partner Profile view click on the AS Settings tab. (See figure
4.7)
Figure 4.7 Partner Profile – AS Settings tab
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
39
4. In the Inbound Security section click on the Plus Sign (+) to create a new Inbound
Signature Validation Credential (See Figure 4.8)
a. In the Configure Crypto Validation Credentials screen, Name field enter a
descriptive name for this credential; for this lab use Partner_Sigval.
b. Choose enabled in the Admin State field.
c. Click on the Plus Sign (+) in the Certificates box next to the add button to
create/upload the partner certificate.
i. In the Configure Crypto Certificate screen, Name field, enter a
descriptive name for this key; for this lab use Partner_Cert.
ii. Choose enabled in the Admin State field.
iii. Click on the Upload button in the File Name field.
iv. Click on Browse in the File to Upload field, navigate to
C:\DPB2B_AS2Lab_StudentMaterials\Security and select the
partner-sscert.pem file and click on Open.
v. Click on the Upload button at the bottom left of the Upload File screen
and click on Continue in the upload success box; this will put you back into
the Configure Crypto Certificate screen.
vi. Leave the Password Alias field set to none; this is a public certificate so there
is no need for a password.
viii. Be sure the Ignore Expiration Dates field is set to on and click on the
Apply button; this will put you back into the Configure Crypto
Identification Credentials screen. NOTE: Typically you would not
ignore expiration dates, for the purpose of this lab we will ignore to dates.
d. In the Configure Crypto Validation Credentials screen take the
default value of Match exact certificate or immediate issuer in the
Certificate Validation Mode field.
e. Be sure the Use CRL and Check Dates fields are set to off and click on the
Apply button; this will put you back into the AS Settings screen.
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
40
Figure 4.8 Partner Profile – AS Settings tab – Inbound Security – Signature Validation Credential
5. In the AS Settings Inbound Security section tab, keep the default values for the MDN
SSL client type and MDN SSL Proxy Profile.
6. We do not need to set any of the fields in the Advanced Settings section. Please do not click
the Apply button in the profile at this time.
7. In the Configure B2B Partner Profile view click on the Destinations tab and click
on the pencil icon to edit the Partner’s AS2 destination. (See figure 4.9)
Figure 4.9 Edit Partner AS2 Destination
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
41
8. Change the AS Outbound Security section of the AS2 Destination to support signatures
and encryption. (See Figure 4.10)
a. Uncheck the Send Messages Unsigned box.
b. Place a check in the box next to the Encrypt Messages field and an Encryption
Certificate field will now be visible; this will allow us to encrypt payload data we
send to the partner.
c. In the Encryption Certificate field use the drop down and select the same
public certificate credential we created for validating signatures from Partner;
Partner_cert.
Figure 4.10 Partner AS2 Destination – AS Outbound Security
9. In the Advanced AS Behavior section, place a check in the box next to the Request
Signed MDN field; this will allow us to request the returned MDN be signed. Also click on
the Apply button in the Destination box to save the changes. (See Figure 4.11) (NOTE: You
may need to scroll back to the top of the page after creating the destination to see the
configured fields)
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
42
Figure 4.11 Partner AS2 Destination – Advanced AS Behavior
10. Now that the Partner external profile is configured to support AS security, save the profile by
clicking on the Apply Button in the upper left side of the Destination tab and click on Save
Configuration to persist the changes.
Test Scenario Three: Inbound EDI-X12 from
Partner to Student
In this scenario you will trigger an AS2 send from the PARTNER B2B Gateway to your
STUDENT B2B Gateway by using NetTool to post an EDI-X12 file to an HTTP Front Side
Handler associated with the PARTNER B2B Gateway. The B2B Gateway processes the EDIX12 file as follows:

The EDI-X12 File is parsed for business IDs inside the PARTNER B2B Gateway, when
found the B2B Gateway will use the information in the STUDENT profile to send the
message over AS2 to your STUDENT B2B Gateway.

Your STUDENT B2B Gateway will process the AS2 message; send the raw EDI-X12 file
to the simulated STUDENT back-end, generate an AS2 Message Disposition Notification
(MDN), and send the MDN back to the PARTNER B2B Gateway.
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
43

You will view the state of the transaction in the B2B Transaction Viewer to finish this
scenario.
Figure 4.12 represents an example of the data flow used to test this scenario.
Figure 4.12 Inbound EDI from external Partner to the Student’s B2B Gateway with AS security enabled
1. Launch the NetTool utility by clicking on the shortcut provided for you in the Windows
Desktop of the HYI9533_IC16_VM2 VMWare image.
2. Set it to POST and enter the URL for the HTTP_Listener Front Side Protocol Handler for
the “Partner_Hub” B2B Gateway; Use the IP Address of eth0 from the
HYI9533_IC16_VM1 image and port 30001).
3. Click on the Load File icon and browse to the partner_hubowner.edi file which can be
found in the C:\DPB2B_AS2Lab_StudentMaterials\Sample files\ directory, load the EDI file
into the NetTool utility.
4. Click on the Send button to post the file to Partner’s HTTP_Listener Front Side Protocol
Handler. (See Figure 4.13)
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
44
Figure 4.13 NetTool Send EDI-X12 to Partner HTTP FSPH – Receive AS2 in Student B2B Gateway
1. The Partner’s B2B gateway parses the RAW EDI file, recognizes it is X12 and extracts the
Sender and Receiver information from the file. Figure 4.14 below shows where the sender
and receiver information is located in the EDI file.
ISA*00*ASCENTIAL *01*92511930 *zz*partner
*zz*student
*940401*0942*U*00201*000000002*0*T*>
GS*PO*006250740*3122721850*940401*0942*1*X*002003
ST*850*1
BEG**BY*ab100**931028
NTE**This is a header message
SHH*DD*001*930701
N1*BT*Distributor Co
N3*2345 Waukegan Rd*E100
N4*Bannockburn*IL*60015*US
PO1*1*500*EA*45.26**IN*800-ABT1
NTE**Please paint this blue
PO1*1A*1000*EA*22.12**IN*900-ABT1
NTE**Again, print this message
Figure 4.14 Sample EDI File – Business IDs
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
45
2. The Partner’s B2B Gateway (Partner_Hub) sends the AS2 packaged file to your HubOwner
B2B Gateway.
3. Your B2B Gateway (HubOwner) receives the AS2 message at the AS2 Front-side Handler
and extracts the Sender and Receiver information from the AS2 headers. Figure 4.15 below
shows where the sender and receiver information is located.
POST /PartnerAS2 HTTP/1.1
Host: 192.168.1.4:60003
Cookie:
Via: 1.1 AQAAAGWFAHA=
X-CLIENT-IP: 213.98.90.21
Date: Tue, 27 Jan 2009 11:07:40 GMT
AS2-From: zzpartner
AS2-To: zzstudent01
AS2-Version: 1.1
Message-ID: <ea7bf663-1539-4ca9-910e-e9b4c0025427@192.168.1.4>
Subject: hubownerzz To partnerzz
Disposition-Notification-To: ignored@example.com
Disposition-Notification-Options: signed-receipt-protocol=optional, pkcs7-signature; signed-receiptmicalg=optional, sha1,md5
Recipient-Address: as2://192.168.1.4:60003/PartnerAS2
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Disposition: attachment; filename="smime.p7m"
Connection: Keep-Alive
Content-Length: 3740
Figure 4.15 Sample AS2 Message – AS2 IDs
0‚
˜_
*†H†÷___ ‚
4. Your
B2B
Gateway Service (HubOwner) unpackages the AS2 Envelope, looks up the
‰0‚
partner
…__ information and verifies that the partners exist and are allowed to trade EDI
documents; it looks at the Destination that is configured for the receiving profile and delivers
the payload.
5. Your B2B Gateway (HubOwner) Sends an MDN to the Partner.
6. Your B2B Gateway (HubOwner) routes the EDI payload to the simulated backend.
Now let’s view the transaction in the DataPower B2B Transaction Viewer (Figure 4.16).
Minimize NetTool and go back into your web Browser, click on Control Panel and then on
B2B Transaction Viewer. Once in the Transaction viewer click on the Show AS2 Only
filter above the transaction table. (NOTE: Your B2B viewer may look different from the
below example)
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
46
Figure 4.16 B2B Transaction Viewer – EDI Inbound to Student
In this example, you can see that #536 was the inbound transaction from “zzpartner”, was
destine for “zzstudent” and was processed by the B2B Gateway named “HubOwner”, you can
see it came into your AS2 Front-side Handler and got sent to the simulated back-end URL. You
can also see that you sent a MDN to the Partner in the MDN Sent and MDN Status columns. If
you want to see the inbound message, outbound response, MDN and content files, you can
click on the Transaction Set ID and choose the appropriate file.
You just successfully added AS security to your configuration and tested
AS2/EDI inbound. This Concludes the DataPower B2B AS2 Lab.
© Copyright IBM Corp. 2016
Materials may not be reproduced in whole or in part without the prior written permission of IBM.
47
Align skills with personal and business goals
Technology advances at an accelerated pace, from frequent innovaons in Soware and Hardware to the rapid emergence of
technical soluons. Organizaons and their staff must keep
pace, staying compeve and driving faster return on investment (ROI) through enablement and engagement ed to
business outcomes. Companies today need a learning strategy
that’s economical, scalable and flexible, and — above all — effecve.
World–class IBM content, worldwide
delivery
Highlights
i
i
i
A recognized skills leader, IBM Training has evolved to ensure
technology soluons relate to your personal goals and the
needs of the business. IBM authorized content is current,
accurate, reliable and consistent, whether off–the– shelf or
custom designed. When delivered by a handful of specially
chosen Global Training Providers with a vast network of locaons and innovave delivery methods, we take learning to
the next level with an end–to–end training soluon.
Drive business success with the experts
IBM–selected, expert skills providers offer a superior value
versus other training opons. They offer personalized services and guidance, from charng a career path and planning
for cerficaon to choosing courses and the best format for
an individual or the full enterprise. With more locaons and a
higher volume of course offerings, building skills and contribung to the success of the organizaon is more convenient.
i
Connect with your Global Training Provider:
i
i
To learn more, visit:
V7.0
Uempty
z