More Related Content
Similar to IBM Worklight for Digital Agencies (20)
IBM Worklight for Digital Agencies
- 1. © 2014 IBM Corporation
IBM Worklight -- The IBM MobileFirst
Application Platform:
The Secret Weapon for
Digital Agency Profitability
Graham Churchill
IBM MobileFirst and Internet of Things Solutions Executive
churchil@ca.ibm.com
Sept 7, 2014
- 2. Agenda
① The high cost of building mobile apps
② The IBM Worklight value proposition for digital agencies
③ How does IBM Worklight save cost?
④ Looking at Worklight in depth
① Accelerating development
② Shortening the mobile app lifecycle management
③ Securing the mobile ecosystem
④ Enabling user engagement
⑤ Managing the mobile ecosystem
⑤ Summary
2 © 2014 IBM Corporation
- 3. Two Types of Digital Agencies
Internal
Develop apps for their own organization
External
Develop apps for other organizations
LOB LOB LOB LOB LOB LOB
Goals are the same develop more at lower cost.
3 © 2014 IBM Corporation
- 4. Mobile apps are expensive to develop! • Fragmentation of devices and platforms
• Must build and maintain different code bases
$
• Speed and frequency of iterations
• High cost of testing and change management
• Connectivity to back-end systems and cloud
• Build, maintain and manage
• Security to protect corporate data
• Much greater chance of data breach
• Context and other capabilities such as geo-location
• Specialized capabilities required
• Delivery of high quality apps that rapidly incorporate
customer feedback
• Mechanisms to capture and act on feedback
• Adoption of apps in a crowded market; 25% of
mobile apps are used only once
• Build apps that people actually use.
• Skills on platforms, frameworks, UI design, and all
other disciplines.
• Mobile development skills are expensive
4 © 2014 IBM Corporation
- 5. The challenge of finding skilled mobile developers
I am more
cool than
you.
I am more
liberated
than you.
Peace man.
+ + =$
• Developers often have different skill sets and its difficult to find single
developers with skills on all platforms
• When you do, you will pay a premium for their services
• For multi-platform projects, when you must maintain different assets, this
creates challenges in harnessing the team
5 © 2014 IBM Corporation
- 6. Traditional Web development vs. Mobile development
Initial app
development cost
$
Traditional Web
Frequency of change (occasional)
$ $
Application
change cost
$
Mobile development
$
Application
change cost Frequency of change (continuous)
$ $ $ $ $
Initial app
development cost
$
6 © 2014 IBM Corporation
- 7. Spectrum of mobile app development approaches
Low fidelity, low cost High fidelity, high cost
7 © 2014 IBM Corporation
- 8. Mobile apps require more than a focus on front-end UI
z
Teamwork
Industrialize dev
Integrate with SDLC
Operations
Front-end
Back-end
30%
of the value
and effort is
visible
(mobile UI)
70%
of the value
and effort
lies under
the surface
Short time to market
Web? Hybrid?
Native?
Manage and
enforce app
versions
Track problems that
affect UX
Ensuring continued
support in a quick-changing
landscape
Security
Data
protection
Push
upgrades
App
security
User
authentication
User engagement
Connect to back-end
Efficient and flexible
push notifications
Track and leverage
location
Offline availability
B2E app distribution
8 © 2014 IBM Corporation
- 9. Agenda
① The high cost of building mobile apps
② The IBM Worklight value proposition for digital agencies
③ How IBM Worklight saves cost?
④ Looking at Worklight in depth
① Accelerating development
② Shortening the mobile app lifecycle management
③ Securing the mobile ecosystem
④ Enabling user engagement
⑤ Managing the mobile ecosystem
⑤ Summary
9 © 2014 IBM Corporation
- 10. What does IBM Worklight do for digital agencies?
$$
Reduces application
change cost
2
Reduces initial
application cost 1
$ $ $ $ $ $$$$$$$$$$$$$$$$$
Affords you the
opportunity make
more changes
4
$$
$$$$$
Shortens time
required to make
changes
3
10 © 2014 IBM Corporation
- 11. Impact of IBM Worklight on digital agency profitability
{
{ }
$
$ $
}
$
}
$
Price
charged
customer
Profit
Development
cost
Profit
Worklight license
Development
cost
Price
charged
customer
Without
Worklight
With
Worklight
11 © 2014 IBM Corporation
- 12. For the value it delivers, IBM Worklight is very inexpensive
No charge version for developers
IBM Worklight for Developer Edition
• No charge, non-warranted program
• Support is best effort via Stack Overflow
• Available for download from the IBM developerWorks® website
Production versions for deployment
• IBM Worklight Consumer Edition
• Pricing is per app; unlimited users
• IBM Worklight Enterprise Edition
• Pricing is per user, unlimited apps
12 © 2014 IBM Corporation
- 13. Agenda
① The high cost of building mobile apps
② The IBM Worklight value proposition for digital agencies
③ How IBM Worklight saves cost?
④ Looking at Worklight in depth
① Accelerating development
② Shortening the mobile app lifecycle management
③ Securing the mobile ecosystem
④ Enabling user engagement
⑤ Managing the mobile ecosystem
⑤ Summary
13 © 2014 IBM Corporation
- 14. How IBM Worklight saves costs
Accelerate Native, Web, and Hybrid
development
Shorten App Lifecycle Change Management
Facilitate App Security and Trust
Engage users with the Enterprise
Support Mobile Operations Management
14 © 2014 IBM Corporation
- 15. The IBM MobileFirst Application Platform – IBM Worklight
IBM Worklight goes beyond mobile app
UI creation to deliver mobile optimized,
standards-based, middleware and tools
for enterprise-grade mobile applications
and services creation
Accelerate Native, Web, and Hybrid Development
• Complete IDE enabling the plug-in of native, Javascript, user-defined
libraries
• Rich APIs for native development
• Central place to keep track of all types of content
• Enables developer to focus on business logic
Shorten App Lifecycle Change Management
• Preview, simulation, and testing tools for shortening
development lifecycle
• Capture user feedback in a fraction of the time
• Mechanisms to industrialize app development
• Team work facilitation and development lifecycle tools
Facilitate App Security and Trust
• Server-enforced authentication
• App authenticity and user-app-device binding
• Secure and syncable on-device storage
• App version enforcement
Engage Users with the Enterprise
• Mobile-friendly enterprise integration
• Codeless integration
• Unified push and SMS notifications
• Geo-location and context collections and intelligence
Support Mobile Operations Management
• Operational analytics with efficient data acquisition
• Offline and online event management integration
• Remote user and app control without MDM
“Best Enterprise Mobility Application
Development Platform" by Compass Intelligence
for 2014 Mobility Awards
"Best Mobile Development Solution"
as voted by SIIA members for 2013 CODiE Awards
15 © 2014 IBM Corporation
- 16. The Value of Worklight for Native Apps – The Best Platform for Native
Focus more on business logic
• Robust and extensible enterprise integration
framework
• Proven user and app security framework
• API discovery for SAP and SOAP
• Encrypted JSON Store with bi-directional
synchronization
• Efficient geo-location services
and geo-fencing
Decrease development cost
• Standard server API for push engagement
• Automated functional testing for native apps
• Out of the box operational analytics
Manage the mobile app
lifecycle
• Console for app management, version
enforcement, and fine-grained user control
• Support for enterprise SDLC integration
• App Center for managing distributed test
process
Support the mobile
ecosystem
Objective C
Java
C#
• Proven timely support for new OS versions
• Support for use of third party libraries and
services
16 © 2014 IBM Corporation
- 17. The Value of Worklight for Hybrid Apps
Focus more on business logic
• Proven optimization framework including Skins
• Robust and extensible enterprise integration
framework
• API discovery for SAP and SOAP
• Worklight App Run-time for quick data-driven
hybrid apps
• Encrypted JSON Store with bi-directional
synchronization
• Efficient geo-location services and geo-fencing
Decrease development cost
• Instant hybrid app preview
• Accurate mobile simulator + visual location
simulator
• Automated functional testing for hybrid apps
• Out of the box operational analytics
Manage the mobile app lifecycle
• Console for app management, version
enforcement, and fine-grained user control
• Custom app templates and screen templates
• Custom app components and shell
• Support for enterprise SDLC integration
• App Center for managing distributed test
process
Support the mobile ecosystem
• Cordova is shipped with Worklight; IBM
provides bug fixes and production-level support
for version shipped with Worklight
• Proven timely support for new OS versions
• Support for use of third party libraries and
services
17 © 2014 IBM Corporation
- 18. Outline of the IBM MobileFirst Application Platform – IBM Worklight
A comprehensive mobile app development approach with continuous delivery
Quality Assurance
Server Runtime
Studio Console
Application Center
Application
Scanning
Development Continuous Delivery
Application Scanning
Detect code vulnerabilities at the
time of development
Quality Assurance
Collect beta test feedback, crashes
and analyze user sentiment
Worklight Foundation
Development, Runtime, Operations
Console & Private Store
18 © 2014 IBM Corporation
- 19. Feedback Management
Device Runtime
Cross-Platform
Compatibility Layer
Server Integration
Framework
Encrypted and
Syncable Storage
Runtime Skins
Location-based
event handling
Reporting for Statistics
and Diagnostics
IBM Worklight Foundation Components
Worklight Application
Center
Development Team Provisioning
Enterprise App Provisioning
and Governance
App Feedback Management
Public App Stores
2
3
Application Code
Enhanced crash &
platform-level
exception capture
Worklight Console
5
Unified Push and SMS Notification
Development and Operational Analytics
App Version Management
Worklight Studio
HTML5, Hybrid, and
Enterprise Backend Systems &
Native Coding
Optimization
Framework
Integrated Device
3rd Party Library
WYSIWG Editor
and Simulator
Cloud Services
Build Engine
SDKs
iOS
1
Android
Blackberry
Windows
Phone
Windows 8
Java ME
Mobile Web
Desktop Web
Worklight Server
SDKs
Integration
Functional
Testing
User Authentication
and Mobile Trust
Mashups and Service
Composition
JSON Translation
Geolocation Services
Adapter Library for
Backend Connectivity
Stats and Logs Aggregation
Client-Side
App Resources
Direct Update
Mobile
Web Apps
Unified Push
Notifications
4
19 © 2014 IBM Corporation
- 20. IBM Worklight Foundation – Typical Topology
Worklight
Cluster
App
Web SSO
Server
Load
Balancer
https
https
Corporate DMZ
Corporate LAN
Backend 1 Backend 2
Worklight
Database
20 © 2014 IBM Corporation
- 21. What’s new in IBM Worklight Foundation 6.2
Flexible
application
development
New command line
tooling
More native API
Mixing native and
HTML5
Wizards for Backend
integrations
Worklight Application
FrameworeBeta
IBM's cloud services on
Bluemix
Extended user
reach
Native app start-up and
transitions
Enhanced push
notification
Campaign manage with
xtify
USSD support
C# API for Windows
Phone 8
SSO via iSAM
Comprehensive
mobile
operations
Enhanced operational
analytics
REST APIs and CLI for
management task
automation
Role-based access with
Java EE-security
Remote-controlled
mobile device log
collection
Cluster and active-active
arch
Cloud-hosted on
SoftLayer
Security
MaaS 360 integration
Trusteer integration
JSONStore for native
iOS and Android apps
JSONStore for Hybrid
W8 and WP8
Direct Update for WP8
Enhanced app
authenticity for iOS and
Android
21 © 2014 IBM Corporation
- 22. Agenda
① The high cost of building mobile apps
② The IBM Worklight value proposition for digital agencies
③ How IBM Worklight saves cost?
④ Looking at Worklight in depth
① Accelerating development
② Shortening the mobile app lifecycle management
③ Securing the mobile ecosystem
④ Enabling user engagement
⑤ Managing the mobile ecosystem
⑤ Summary
22 © 2014 IBM Corporation
- 23. Spectrum of mobile app development approaches
Pure web Hybrid Pure native
Pre-package
d HTML5
resources
HTML5 +
native UI
Web-Native Continuum
Mobile
web site
(browser
access)
• HTML5, JS,
and CSS3 (full
site or m.site)
• Quicker and
cheaper way
to mobile
• Sub-optimal
experience
Native
shell
enclosing
external
m.site
• HTML5, JS,
and CSS
• Usually
leverages
Cordova
• Downloadable,
app store
presence,
push
capabilities
• Can use native
APIs
• As previous
• + more
responsive,
available
offline
• Web + native
code
• Optimized
user
experience
with native
screens,
controls, and
navigation
Mostly
native,
some
HTML5
screens
• App fully
adjusted to OS
• Some screens
are multi-platform
when
makes sense
Pure
native
• App fully
adjusted to OS
• Best
attainable user
experience
• Unique
development
effort per OS,
costly to
maintain
23 © 2014 IBM Corporation
- 24. Worklight Studio – The IDE for hybrid app development
Eclipse-based IDE
Code assist tools with auto-complete and
validation
Application scaffolding and componentization
Mobile OS-specific optimization
Device-specific optimization with Skins
3rd-party library integration for HTML5 and
native components
Quick access to simulators, emulators, and
debugging tools
Worklight Studio
HTML5, Hybrid, and
Native Coding
Optimization
Framework
Integrated Device
SDKs
3rd Party Library
Integration
Build Engine
SDKs
WYSIWG Editor
and Simulator
Functional
Testing
iOS
1
Android
Blackberry
Windows
Phone
Windows 8
Java ME
Mobile Web
Desktop Web
24 © 2014 IBM Corporation
- 25. Worklight gives developers complete control over their app
• Control default splash screen behavior
• Add a custom splash screen
• Start application with native screen
• Control Worklight framework initialization, e.g. in background
Attractive
App
Startup
• Display a specified native screen in full screen
• Mix native and web components on a same screen
• Control native components that host web application
• Use native components hosting web application inside of a
container
Engaging
UI
• Call native code from JavaScript and vise-versa
• Invoke both native and JavaScript WLClient APIs in any order
e.g. authenticate in native, UI in HTML5
Compelling
app flow
25 © 2014 IBM Corporation
- 26. Unified Worklight Studio
• Worklight Studio and Worklight Developer Edition are now the same
• Licensing terms and support difference only
• Same installation can be used for both evaluation and production environments
• Common Worklight Studio now available through
• Free for evaluation from Eclipse Marketplace
• Paid for production from Passport Advantage
• Evaluation assistance for Worklight provided through
• Paid product support available through direct support channels
• For more information, go to the Worklight page on
http://www.ibm.com/developerworks/mobile/worklight/
26 © 2014 IBM Corporation
- 27. Unsurpassed flexibility in hybrid development
Complete freedom in mixing native and web code in the same app
Native and web
components on the
same screen
Native header with
button, title and icon
WebView with web
components
Native scrolling ticker
27 © 2014 IBM Corporation
- 28. Bridge native and hybrid elements with an action API
Use the Worklight action API to enable native-hybrid communication:
Send data from JavaScript to Native
Send data from Native to JavaScript
Register Native action handlers
Register JavaScript action handlers
Example: Clicking native side menu button triggers web UI change
28 © 2014 IBM Corporation
- 29. Create reusable enterprise UI patterns
Create and reuse custom UI patterns
For corporate branding
Improved governance: Patterns which
were adequately designed, implemented
and tested
Patterns contain HTML, CSS and JS
resources
Package patterns inside a pre-defined
archive format, so that they can be
distributed among teams to re-use in their
Worklight projects with Worklight Studio
29 © 2014 IBM Corporation
- 30. Create custom components and templates
Add
Components and
templates to a
Worklight Project
Custom screen patterns
Shareable ZIP archives
.wlc or .wlt extns
HTML, CSS and JS resources
Extend the list of out-of-the-box patterns
Application Components
Reusable libraries (Client or server runtime)
that developers can add to apps
Worklight Project Templates
A reusable Worklight hybrid project that
developers can use to jump start new
application development
Create
components
and
templates
Save development time by reusing code
Help enforcing governance by providing ready-made,
tested components with corporate-approved
code and branding
Created and managed using a Worklight
Studio wizard
30 © 2014 IBM Corporation
- 31. Bring Your Own Tools!
In Worklight 6.2 developers have the flexibility to use the development tools of their choice –
Worklight Studio is no longer required
A Command Line Interface (CLI) is provided to enable the use of other development tools
The CLI provides the following capabilities:
Add Worklight SDKs to a native project
Create Worklight hybrid projects
Add environments to a Worklight hybrid project
Create Worklight Adapters
Test Worklight Adapters
Deploy Worklight applications and adapters to the Worklight Server
Start and stop the Worklight Server
Launch the Worklight administrative console
31 © 2014 IBM Corporation
- 32. Example CLI commands for native apps
wl create
[?] What do you want to name your project? MyProj
Project ‘MyProj’ created
cd MyProj
wl add api
[?] What do you want to name your native API? MyIosApi
[?] What platform do you want to target?
Android
❯ iOS
Java ME
Windows Phone 8
Native api for ‘ios’ created
Context aware builds
wl build
wl deploy
If at project level, all apps and adapters are built.
If in adapters (all or single), then only those are built.
If within a single app, then only that app is processed.
If within a single env of app, only it is built and deployed.
Embedded Worklight server control
wl start
wl console
wl stop
The “wl run” command is a long running task that starts
the server, and tails (follows) the server log file
32 © 2014 IBM Corporation
- 33. Example CLI commands for hybrid apps
wl add hybrid
[?] What do you want to name your Worklight App? MyHybrid
cd apps/MyHybrid
wl add environment
[?] What environments you want to add to the hybrid app?
⬢ iPhone
⬡ iPad
⬢ Android phone and tablets
⬡ BlackBerry 6 and 7
⬡ BlackBerry 10
❯⬡ Windows Phone 8
⬡ Windows 8 desktop and tablets
⬡ Mobile web app
wl build
wl deploy
wl console
33 © 2014 IBM Corporation
- 34. Example CLI commands for adapters
wl add adapter Accounts --type http
edit adapters/Accounts/Accounts*
wl build && wl deploy
Implement desired procedures
Interactively test the adapter
wl invoke
[?] Which adapter do you want to use? (Use arrow keys)
❯ Accounts
Foo
[?] Which procedure do you want to invoke? (Use arrow keys)
getAccountList
❯ getAccount
[?] Enter the comma-separated parameters: "111-001"
Invoking Accounts:getAccount...
Arguments:
[ "111-001” ]
Invocation result:
{
"id": "111-001",
"balance": 623.45,
. . .
}
Direct syntax
wl invoke Accounts:getAccount '["111-001"]’
{
"id": "111-001",
"name": "Checking",
. . .
}
34 © 2014 IBM Corporation
- 35. Agenda
① The high cost of building mobile apps
② The IBM Worklight value proposition for digital agencies
③ How IBM Worklight saves cost?
④ Looking at Worklight in depth
① Accelerating development
② Shortening the mobile app lifecycle management
③ Securing the mobile ecosystem
④ Enabling user engagement
⑤ Managing the mobile ecosystem
⑤ Summary
35 © 2014 IBM Corporation
- 36. Rapid testing of hybrid apps with the Mobile Browser Simulator
Accurate simulation of the app’s HTML5 screens (e.g., right fonts, sizes, and layout)
Supports Cordova and Worklight client API
36 © 2014 IBM Corporation
- 37. Mobile Functional Test Tools
Comprehensive, complete, resilient functional testing
Android and iOS, native and hybrid
HTML and JQuery
Record, edit, and run on mobile devices or emulator
Same test runs across multiple devices in the platform family
Natural language scripts can be used by developers and non-developers
alike
Simple process
1. Record
2. Author
3. Playback
4. Report
37 © 2014 IBM Corporation
- 38. Introducing IBM Worklight Quality Assurance
Delivers mobile app quality across a fragmented environment with end user
feedback and quality metrics available at every stage of development.
Evidence-based prioritization – enable business
and IT to collaborate on mobile strategy and user
experience
Over the air app distribution – get the latest in the
hands of testers as soon as it is available
Frictionless bug reporting – spend every minute on
testing latest and greatest builds, not the hassles
In-app crash reporting – rapid understanding of
why an app fails
Sentiment analysis – mine app ratings and reviews
to extract actionable feedback before they go viral
User Feedback
Crash logs
Bugs
Quality
Assurance
38 © 2014 IBM Corporation
- 39. Introducing IBM Worklight Application Scanning
Based on AppScan v9.0
Detect vulnerabilities at the time of code change to reduce risk of data leakage and breaches
• A single Eclipse Integrated Development
Environment (IDE). Scan existing code
projects or Worklight Studio projects
• Native and hybrid mobile applications support
• Enhanced JavaScript analysis, which includes
improved performance and additional
framework support
• Optionally connect to IBM Security AppScan
Enterprise Server to share scan
configurations, filters, and custom rules across
all projects
Application
Scanning
39 © 2014 IBM Corporation
- 40. Application Center for managing the app testing phase
Share apps across developers, testers,
and other stakeholders
iOS, Android, Windows Phone 8,
BlackBerry 6 and 7
Developers
• Easily distribute app to testers
Testers
• Easily find apps and versions to test
Testers
• Provide rating and feedback directly
from the device
Developers
• Access all feedback in a centralized
manner
40 © 2014 IBM Corporation
- 41. Agenda
① The high cost of building mobile apps
② The IBM Worklight value proposition for digital agencies
③ How IBM Worklight saves cost?
④ Looking at Worklight in depth
① Accelerating development
② Shortening the mobile app lifecycle management
③ Securing the mobile ecosystem
④ Enabling user engagement with the enterprise
⑤ Managing the mobile ecosystem
⑤ Summary
41 © 2014 IBM Corporation
- 42. A quick overview of Worklight Security
Protect data
on the device
Streamline
corporate
security
approval
processes
Proactively
enforce
security
updates
Provide
robust
authenticatio
n and
authorization
to secure
users
Protect From
Known
Application
Security
Threats
Application Security Objectives
Application Security Design:
Develop secure mobile apps using
corporate best practices
Encrypted local storage for data
Offline user access
Challenge response on startup
App authenticity validation
Enforcement of organizational security
policies
42 © 2014 IBM Corporation
- 43. Proactively enforce
security updates
Remote
disable
Direct
update
App
authenticity
testing
Protect data on the
Coupling
device id
with user id
Secure
challenge-response
on
Provide robust
authentication and
Security Features Mapping
device
startup
protection
realms
provisioning
integration
authorization to secure
users
Offline
authentication
Authenticatio
n integration
framework
Data
Encrypted
cache / DB
Mobile
platform as
a trust
factor
Streamline
corporate security
approval processes
Code
obfuscation
SSL with
server
identity
verification
Protect from
Known
Application
Security Threats
Device
Proven
platform
security
43 © 2014 IBM Corporation
- 44. User Authentication and Authorization
Very flexible framework for simplifying
integration of apps with existing
authentication infrastructure
Manages authenticated sessions with
configurable expiration
Open: e.g., custom OTP as
anti-keylogger mechanism
Server-side services grouped into separate
protection realms for different authentication
levels
Two-factor authentication using device id as
“what you have” factor
Coupling
device id
with user id
Provide robust
authentication and
protection
realms
authorization to secure
users
Data
Need to integrate with existing
authentication infrastructure
Authenticate users when offline
Mobile passwords are more
vulnerable
Authenticatio
n integration
framework
44 © 2014 IBM Corporation
- 45. Extensible authentication framework
Leverage open framework to integrate with enterprise authentication and authorization
systems
Develop custom JavaScript or Java extensions to enable custom authentication approaches
including multi-factor authentication and biometric credential collection
Use LTPA tokens when running on WebSphere Application Server
IBM Worklight Server
Session authentication
1. Call Protected
Procedure
2. Request
Authentication
45 © 2014 IBM Corporation
- 46. User-certificate provisioning for client-side authentication
X509 certificates
Are installed on devices and can can be used to automate user authentication
Certificate provisioning options
For all apps on a device
For a particular app
Benefits
Cost saving: Certificates are typically provided by MDM solutions and is quite costly
(some charge $70 per device).
Usability: Simple, automated user authentication; User’s device does not need to be
managed by an MDM
46 © 2014 IBM Corporation
- 47. Protecting data on the device
Device theft
Offline access
Phishing, repackaging
Device
provisioning
integration
App
authenticity
testing
Protect data on the
device
Encrypted
cache / DB
Offline
authentication
Secure
challenge-response
on
startup
Encrypted JSON Store
Offline authentication using password
Extended authentication with server using secure challenge response
App authenticity testing: server-side verification mechanism to mitigate risk of Phishing through
repackaging or app forgery
Device provisioning integration: allow for the authentication of devices in addition to apps and users
HTTPS/TLS based initiation of Worklight Server connectivity from WL Client runtime using FIPS 140-2
compliant libraries
Tie in with User-Provision to use X509 Cert in establishing HTTPS/TLS connection using user
certificate
On top of the already compliancy for communication (data in transit) and for storage (JSONStore)
47 © 2014 IBM Corporation
- 48. Application Security
Proven platform security: tested by the most
demanding customers (e.g., top tier banks)
Client<->Middleware communications over HTTPS
to prevent data leakage
Server certificate is automatically verified to thwart
man-in-the-middle attacks
Developers can obfuscate application JS code to
make static analysis more difficult
SQL adapter designed to mitigate SQL-injection
Built-in audit trail
Code
obfuscation
SSL with
server
identity
verification
Protect from
Known
Application
Security Threats
Hacking
Eavesdropping
Man-in-the-middle
Proven
platform
security
48 © 2014 IBM Corporation
- 49. Device Single Sign-On (SSO)
Enables a mobile user to authenticate once and gain access to all apps from the same
organization (technically, with the same developer certificate) without re-authenticating.
Enhanced to support integration with DataPower, ISAM, and other gateways
App 1
secure Mobile OS key store
Worklight
Server
App 2
ID
Session x
Duplicate after receiving
ID fro App 2
Session y
Implementation
Implemented using combination of
server-side capabilities (realms) and
unique device identification (device ID)
On successful login the authentication
state is saved in the database and used
for validations in subsequent sessions
from the same device.
49 © 2014 IBM Corporation
- 50. Enforcing security updates
Remote Disable: shut down specific versions
of a downloadable app, providing users with
link to update
Direct Update: automatically send new
versions of the locally-cached HTML/JS
resources to installed apps
Can’t rely on users
getting the latest
software update on
their own
Proactively enforce
security updates
Remote
disable
Direct
update
50 © 2014 IBM Corporation
- 51. Agenda
① The high cost of building mobile apps
② The IBM Worklight value proposition for digital agencies
③ How IBM Worklight saves cost?
④ Looking at Worklight in depth
① Accelerating development
② Shortening the mobile app lifecycle management
③ Securing the mobile ecosystem
④ Enabling user engagement with the enterprise
⑤ Managing the mobile ecosystem
⑤ Summary
51 © 2014 IBM Corporation
- 52. Worklight Server: Adapters
Run time
Lightweight server-side logic to expose systems of records in a mobile-friendly
way
Automatic JSON transformation of enterprise data for quick
transport and ease of consumption by mobile developer
Server-side service composition to reduce number of requests over
slow mobile network
XSLT to reduce fat SOAP responses
Security
Automatic enablement of server-side authentication control and
audit
Analytics
Automatic collection of user actions and device and app properties
Data sync
Enables synchronization with on-device JSON Store
Mobile user engagement
Push notifications and geo-based event management
SQL / JDBC
SOAP /
HTTP
REST
Java
Extension
ESB**
JMS
CAST IRON
Node*
Worklight Server
Enterprise back-ends and
Enteclropurids es ebravcicke-esnds and
Enteclropurids es ebravcicke-esnds and
cloud services
* As tech preview
** Available with IBM Message Broker
For the server developer
JS anywhere: Simple APIs for server-side JavaScript development
Extensibility: Java API for custom adapters
For the client developer
Easy-to-use, consistent client-side API to call any back-end system
52 © 2014 IBM Corporation
- 53. Automatic adapter generation for SOAP and SAP NetWeaver
Speed-up creation of mobile apps which interact with
Enterprise back-end system of records
Reduce the amount to coding to zero or near-zero for invoking
SOAP based web services and services from the SAP
NetWeaver Gateway
Consume these services via the generated adapter from your
web, hybrid, or native app
53 © 2014 IBM Corporation
- 54. Unified Push Notifications
• Uniform access to push notifications providers
‒ Register for, notify, and receive a notification via Worklight APIs or SMS
• Register for and send SMS based notifications
‒ E.g., for feature phones
Back-end
System
Back-end
System
Back-end
System
Back-end
System
Polling
Adapters
Message-based
Adapters
Unified
Push API
Notification
State
Database
User-
Device
Database
iOS
Dispatcher
Android
Dispatcher
Windows
Phone
Dispatcher
SMS
Dispatcher
Apple Push
Servers
(APN)
Google Push
Servers
(GCM)
Microsoft
Push
Servers
SMS/MMS
Brokers
Administrative Console
Notification statistics, SMS subscription control
Worklight
Client-side
Push Services
iOS
Push API
Android
Push API
Windows
Push API
Broker
API
Worklight
Client-side
Push Services
Worklight
Client-side
Push Services
Optional 2-way SMS
54 © 2014 IBM Corporation
- 55. Push notification enhancements in Worklight Foundation 6.2
Group notifications based on tags
Notifications are targeted to only a select set of users based on their topics of interest
Tags allow message producers / senders to segment devices
One or more tags can exist per application
Defined in application-descriptor.xml – created during deployment
Broadcast, unicast and narrowcast notifications
New APIs available to send a notification to all the devices that installed the application
Also provides for an option to opt out of receiving broadcast notifications
Enhanced APIs to send a notification to specific user or device that installed the
application
Support for a notification targeted to devices of a particular platform that installed the
application
New server side REST APIs for device and subscription management
Improved scalability of the push infrastructure to handle large volumes of push messages
55 © 2014 IBM Corporation
- 56. Two-way SMS communication
Why SMS?
For feature phone users: A preferred mode of interaction
For roaming users: When data roaming fees are not affordable
In emerging markets: More reliable than Internet connection
HTTP integration with SMS gateway or aggregator for the SMS delivery
Seamless backend integration, mapping of incoming SMS to the relevant
Mobile user enterprise
Sends SMS messages based on
keywords published by the
enterprise
Enterprise mobile user
Responds to a user request
Initiates a new request by
sending an SMS notification to a
subscribed user
SMS in Worklight
backend calls
SMS HTTPS
56 © 2014 IBM Corporation
Source of phone image: http://shmector.com/photo/3d_mobile_phone_icon/1-0-646
Backend
Service
Worklight
SMS Gateway
- 57. Worklight Geo-Location Services
Efficient, controlled
acquisition of GPS,
triangulation, and Wi-Fi
coordinates in background
and foreground
Store
Collect and use on the mobile device
Define points of
interest and geo-fences
Use on the server
Integrate context
information with
business processes
Trigger actions based
on location changes
Handle business
events
Store while offline,
Efficiently send to
server
API availability
• Hybrid: iOS, Android, Windows Phone 8
• Native: IOS and Android
Perform analytics
Scenarios debug-able
with
Worklight’s Mobile
Simulator
57 © 2014 IBM Corporation
- 58. Mobile Data support: JSON Store
API now available for native iOS and Android apps!
On-device, mobile database support
Embedded JSON mobile database
JavaScript APIs to store, query and update
the data in offline mode using MongoDB-like
APIs
Encrypt sensitive data
Using a key provided by developer or
obtained as user’s password
FIPS140-2-compliant
Server-to-client Sync
Retrieve, store and keep data store up-to-date
using adapters
Client-to-server Sync
Simplify write actions on data while the app
is offline and send these actions to the
server
Enterprise API-based
Leverages corporate API / SOA layer to
access sensitive enterprise data
Back-end
system or
database
Corporate SOA /
Enterprise Bus
JSON
Store
Mobile App
Worklight
Server
Worklight
Adapter
JSON
XML, JDBC, …
58 © 2014 IBM Corporation
- 59. Extending enterprise services via USSD
Unstructured Supplementary Service Data (USSD) provides a cost-effective alternative to
mobile apps in emerging markets where feature phones are still fairly common
USSD (Unstructured Supplementary Service Data) is a protocol used by GSM cellular
telephones to communicate with the telecom provider.
Worklight will now enable the
following:
• Accept incoming requests from
a USSD gateway and map the
USSD short codes to
corresponding Worklight
adapters
• Construct and respond with
USSD menu options
• Invoke corresponding backend
services via Worklight adapters
59 © 2014 IBM Corporation
- 60. Example: Mobile app using Worklight for USSD communication
Telco forwards
this to a USSD
gateway
USSD
Gateway
Worklight
responds to the
gateway request
with the USSD
menu options
(configurable)
Worklight
Adapter
Enterprise
backend
HTTP/S
Mobile User dials
USSD short code
say, *123#
Gateway maps the
short code to a known
URL provided by the
enterprise and creates
the USSD session
Enterprise
60 © 2014 IBM Corporation
- 61. Agenda
① The high cost of building mobile apps
② The IBM Worklight value proposition for digital agencies
③ How IBM Worklight saves cost?
④ Looking at Worklight in depth
① Accelerating development
② Shortening the mobile app lifecycle management
③ Securing the mobile ecosystem
④ Enabling user engagement with the enterprise
⑤ Managing the mobile ecosystem
⑤ Summary
61 © 2014 IBM Corporation
- 62. Managing mobile apps with the Worklight Console
Supports
multiple
versions on the
same platform
Device specific
versions are
uncoupled
62 © 2014 IBM Corporation
- 63. The Worklight Console supports several Worklight projects
Ability to administrate several project
WAR files deployed on the same
topology (WAS ND cluster, single
server, farm of servers) with a single
console
New console page allows navigation
between several runtimes
Simplified navigation for a single
project runtime use case
63 © 2014 IBM Corporation
- 64. Administrators can use CLI or REST API for management tasks
REST API for all administrative operations
List, deploy, delete and change applications and adapters
Device management API
Secured with basic authentication
Role-based access
XML and JSON payload
Ant tasks for all administrative operations
Same feature set as REST services
ANT tasks defined in worklight-ant-deployer.jar
Supports SSL and password encryption in ant files
Role-based access
Command Line Interface for all administrative operations
Command line version of ant tasks
Role-based access
64 © 2014 IBM Corporation
- 65. Examples of REST API, ANT tasks, and CLI
REST services
• Get all applications or post a new one
/management-apis/1.0/runtimes/{runtime-name}/applications
• Get or delete an application
/management-apis/1.0/runtimes/{runtime-name}/applications/{app name}
• Retrieve or delete an adapter
/management-apis/1.0/runtimes/{runtime-name}/adapters/{adapter-name}
• Lock an application version
/management-apis/1.0/runtimes/{runtime-name}/applications/{app
name}/{environment}/{version}/accessRule
Ant tasks
• <wladm url=... user=... password=...|passwordfile=... [secure=...]>
• <list-apps runtime=... />
• <delete-app-version runtime=... name=... environment=... version=... />
• <deploy-adapter runtime=... file=... />
• </wladm>
Command Line interface
• wladm --url= --user= ... [--passwordfile=...] lists apps [runtime-name]
• wladm --url= --user= ... [--passwordfile=...] delete app version [runtime-name] app-name environment
version
• wladm --url= --user= ... [--passwordfile=...] deploy adapter [runtime-name] filename.adapter
65 © 2014 IBM Corporation
- 66. Worklight Console and CLI secured by default
Standard JEE security is used in the
console and CLI tools
Login / Logout from the console out of
the box
Role based access to the console
Simplified connection to user
repositories
Use standard role mapping in WAS
console , Liberty , Tomcat
66 © 2014 IBM Corporation
- 67. Role based access to administration tasks
Role Description
monitor
Ability to view the deployed Worklight
projects and the deployed artifacts,
this role is a read-only role
operator
Can do all mobile application
management operations but cannot
add or remove application versions or
adapters.
deployer
same role as operator but can also
deploy apps and adapters.
administrator
Ability to do all application
management operations including the
ability to add new versions of
applications and add and remove
adapters. The app administrator can
also configure more information on the
application itself such as runtime
specific settings such as SMS proxy
configuration.
67 © 2014 IBM Corporation
- 68. Disable a mobile app using the Worklight Console
Remote Disable: Deny access to an app of a specific version on a
specific environment
• Ensure users use the latest security fixes
• Avoid using previously installed old versions that are no longer
supported
68 © 2014 IBM Corporation
- 69. Direct Update for mobile apps on the device
App Store
Worklight
Server
Native Shell
Pre-packaged
resources
Download
Check for
updates
Web
3
resources
Update web
resource
Transfer
Cached
resources
1
2
4
1. Web resources packaged with app to ensure initial offline availability
2. Web resources transferred to app's cache storage
3. App checks for updates on startup and foreground events
4. Updated web resources downloaded when necessary, with user
confirmation or silently
69 © 2014 IBM Corporation
- 70. Enhancements to Direct Update in Worklight Foundation 6.2
Direct Update is now integrated into the Worklight Server security framework and
exposes a client-side API for better control and customization:
Control when to invoke Direct Update
• perSession, perRequest, or custom
• Disable Direct Update for an app
Replace the default behavior and UI with a branded one
Description JavaScript
Direct update events listener
class name
WLDirectUpdateListener
Invoked by WL framework once
direct update has started
onStart(statusJSON)
invoked by WL framework once
HTTP chunk has been
downloaded
onProgress(statusJSON)
invoked by WL framework once
direct update has finished (with
either success/failure)
onFinish(statusJSON)
STARTED
DOWNLOAD_IN_PROGRESS
UNZIP_IN_PROGRESS
SUCCESS
FAILURE_NETWORK_PROBLEM
FAILURE_DOWNLOADING
FAILURE_NOT_ENOUGH_SPACE
FAILURE_UNZIPPING
FAILURE_ALREADY_IN_PROGRESS
FAILURE_UNKNOWN
70 © 2014 IBM Corporation
- 71. Remote-controlled client-side log collection
Worklight provides Native and JavaScript API for client-side logging
Administrator defines log collection profiles on the server which are automatically retrieved
by the Worklight client-side runtime
By default sent on init, resume, and 75% full – can be customized
Administrator can perform analysis and text search of client-side logs via server-side
analytics console
71 © 2014 IBM Corporation
- 72. Unified Client and Server Analytics
Out-of-the-box analytics address the following:
User adoption, device and app properties
User actions and called adapter procedures
Performance and data usage information
Exceptions, crashes, logs, response time
Geolocation data
Analytics component now provided in a WAR for simple install and administration
72 © 2014 IBM Corporation
- 73. Service integration analytics
Robust analytics for adapter usage including average response time, average data usage,
and server usage statistics
73 © 2014 IBM Corporation
- 74. Server and Client log inspection made easy
Worklight Analytics Console enables easy searching of both client and server logs
74 © 2014 IBM Corporation
- 75. Agenda
① The high cost of building mobile apps
② The IBM Worklight value proposition for digital agencies
③ How IBM Worklight saves cost?
④ Looking at Worklight in depth
① Accelerating development
② Shortening the mobile app lifecycle management
③ Securing the mobile ecosystem
④ Enabling user engagement with the enterprise
⑤ Managing the mobile ecosystem
⑤ Summary
75 © 2014 IBM Corporation
- 76. IBM Worklight Key Differentiators
• Tooling for HTML 5 development and device adaptation
• Application lifecycle management of HTML5 artifacts
• Leveraging de-facto standards to provide added value for developers
Standards-based
• Native / hybrid / web
• Full coverage of the hybrid spectrum
• Leverage any 3rd Party JavaScript Framework: More Choice!
Flexibility and choice
• For developers: easy learning curve, small number of programming
models, JS anywhere, small footprint
• Collaborative development
• Quick and Easy Installation and deployment
Consumability
• Flexible security model
• Portfolio integration
• Advanced in-app security features
Security
• IBM products already leveraging Worklight as a mobile standard
• Starting to build a catalog for third-party APIs
• MobileFirst Solutions for Testing, Team Dev, Analytics, Security and
Mgmt
Ecosystem
76 © 2014 IBM Corporation
- 77. Three Ways to Get Started with IBM
1 Download the free IBM Worklight
Developer Edition: ibm.co/worklightde
2
Talk with your IBM representative or Business
Partner to find the right next step for you 3 Learn more at www.ibm.com/mobile-enterprise
Interact with us @ibmmobile and #ibmmobile
77 © 2014 IBM Corporation
- 78. http://www.ibm.com/developerworks/mobile/worklight
© Copyright IBM Corporation 2013. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind,
express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have
the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM
software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities
referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature
availability in any way. IBM, the IBM logo, Rational, the Rational logo, Telelogic, the Telelogic logo, and other IBM products and services are trademarks of the International Business Machines
Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
78 © 2014 IBM Corporation