IBM Watson Content Hub Architecture Overview
Watson Content Hub supports a new omni-channel approach with a headless CMS Treat content as a system of record Separated content & presentation Access content via rich REST APIs Deliver consistent content across all customer touchpoints Web Sites and Mobile Web Web Applications, Single Page Apps Mobile Applications Internet of things
What you get with Watson Content Hub Authoring Interface Asset management Content management Cognitive tagging Image profiles Authoring APIs for content, content model, and assets Command line client Code samples Global PAYG Platform Akamai CDN included Watson services included Pay for asset storage GB and data transfer GB overage or up-front purchase 99.9% uptime SLA Worldwide Delivery of Assets and Content Akamai delivery of assets and web application resources Delivery APIs for content Powerful search API based on SOLR Code samples
With a traditional CMS, a single data store is used for both authoring (read/write) and delivery (read) Read/write Read Information Architects Content Authors Designers Business Owners Data Model Users
With Watson Content Hub, the publishing engine generates optimized content on CDN and in a dedicated delivery data store Authoring System Delivery System Read/write Read Information Architects Content Authors Designers Business Owners Authoring Data Model Delivery Data Model CDN Replication Caching Users Worldwide availability
Authoring Authoring APIs Delivery Customer Experience WCH Architecture Overview Essentials Edition Standard Edition Custom apps Email, Devices etc WCH-hosted SPA Akamai CDN Assets Developer assets Site SPA Delivery APIs Search index Content Pages Authoring UI Content/Asset Mgmt Site Management Publishing Content Repository Assets Schedulin g Developer assets Site SPA Data replication for DR/HA IBM ID Content Search index Pages Mata-data enhancement Customer Repository 6 wchtools
Delivery via Content Deliver Network 7 2016 IBM World wide distribution/ replication Efficient routing Fast load time for end users Cache control Request Transformation Metering/Billing Security (including DOS protection)
Using IBM Watson Content Hub services Samples Fully-documented APIs on developer.ibm.com/api Sample API usage Swagger API documentation Authoring and delivery API 8 2017 IBM Live samples site: http://samples.watsoncontenthub.io/sample-pages/index.html
Sites Watson Content Hub Standard Edition includes site management and delivery support. The Oslo out-of-the-box starter site provides a rich, modern, Angular 4 based site template. Customize the site with new styles, layouts and content types. Site support builds on top of all the content and asset services and CDN delivery. All site content can be reused in
Architecture of a Watson Content Hub site A WCH site consists of two high-level pieces: 1. Site application An Angular 4 application hosted on the Akamai CDN provided with WCH Customized by a web developer working with HTML, CSS, and JavaScript Application source is managed by the web developer in GitHub/etc. Uses an SDK library that provides optimized access to Watson Content Hub services 2. Site content Includes the site page structure, the site content and images, the content model, and the choices for layouts and styles for the site Site content is created and managed by non-developers in the Watson Content Hub user interface 10
Architecture of a Watson Content Hub site Akamai CDN Site Application (Angular 4 application) Navigation support Layouts for content and pages Header and footer components CSS styles JS libraries Site images/resources WCH Cloud Services SDK Site Content Site structure and pages Content and assets Content model (content types, image profiles, categories) Front-end Developer Choice of Tooling Marketer or Content Specialist Business User Interface
Modern Micro-Services Architecture Engineered for Cloud. Secure, multi tenant micro service architecture that provides performance, auto scaling, monitoring, and metering 12 2016 IBM Micro Services Flexible, powerful content managed micro services allow content authoring, publishing and run-time componetns to be easily consumed, maintained, scaled, updated and perform to expectations Secure All customer logging/tracing information is encrypted, only the customer can read their data with dedicated encryption key. Data is also encrypted at REST calls per tenant and all communication is completed via HTTPs. Meets industry security norms (ISO27k) and can integrate with customer compliance practices. Resilient and High-Performing Built using Docker containers, robust data store in IBM Cloudant and access to secure WW IBM Data Centers customers can build content experiences that are delivered via Akamai and auto-scale to meet their business needs Extensible Customers and business partners to customize tooling (e.g. extending drop down options) or add-on functionality (e.g. additional editors) to providing specific added value. Power APIs and RESTful services allow integration into 3 rd party solutions Framework Agnostic Being framework and template agnostic allows for maximum flexibility for designers and developers. Native support for common solutions such as Bootstrap, Angular and Foundation with out of the box templates using Handlebar and Moustache Publishing A pluggable rendering framework allows customers the freedom and flexibility to publish their omni-channel content that will meet the channel needs by publishing content as full sites, single web pages, HTML Snippets, or though a Content as a Service (CaaS) model that renders customized JSON or XML
Modern Micro-Services Architecture Authoring and Authoring UI Publishing API Command Line Dev Tools End User UI Content Services API Akamai, Gateway, Dispatcher, Login Content, Types, Assets, Categories, Designs Shell UI Search Sites Page Assemblies Publishing Manager Core Publishing Rendering Preview File Storage Proxy File Access Search Content Access Targeted Content Content Model Content DAM Assets File Resources Configuration Content DAM Assets Generated HTML File Resources 13 Infrastructure Services Service Registry, Message Bus, Cloudant, Monitoring, Logging, Tenant & User Services, Configuration Service
Resilient and Scalable Infrastructure SaaS, cloud only and multi-tenant Delivered across multiple datacenters Worldwide distribution Integrated with content delivery networks Stateless, session-less micro-services Dynamic scaling of services Secure platform Datacenters comply with SSAE-16 and are ISO27001 certified Secured by IBM Blue ID Full set of managed public APIs (JSON@REST) Deliver content to any kind of consuming client 14 2017 IBM
Akamai Edge Sserver Akamai NetStorage Content Hub System Architecture PUBLIC NETWORK Client SSL Termination V Y A TV TY A AT T Already trusted Akamai SSL Termination F 5 HTTP IBM SOFTLAYER VHOST Iem.adm01.ibm.com SSP Marathon/Mesos (PROD01-WDC04) Content Hub Microservices consul WDC04 search auth publish delivery V Y A V T Y T A T A T CLOUD SERVICES IBMID A SENTINEL WEBSERVER (HAPROXY) A HTTP S GLOBAL IP PRIVATE NETWORK WATSON V Y A TV TY A AT T F 5 HTTP VHOST Iem.adm01.ibm.com FRA01 SSP Marathon/Mesos (PROD01-FRA01) Content Hub Microservices consul search auth publish delivery V Y A V T Y T A T A T CLOUDANT Iem.cloudant.com A A Akamai SSL Termination SENTINEL WEBSERVER (HAPROXY) NEW RELIC prod key
IBM Watson Content Hub micro-services are independently developed, deployed and managed one service can be deployed without affecting others multiple versions of one service can be active at a given time each service runs in its own docker runtime independently scaled, fully resilient and self healing independent of their deployment location, state-less and cache-less using their own persistence layer, which is completely independent from other services implemented in the best suited programming language for their purpose Java, NodeJS, exposed via public REST interfaces through an API gateway dependency between micro services is limited to usage of exposed APIs 16 2016 IBM
Integrating Akamai Content Delivery Network Delivery of published content and assets via CDN is tightly integrated into the IBM Watson Content Hub architecture Worldwide distribution of content and assets for fast access by end users Managing caching policies (e.g. expiration) Configuration of Akamai services (Edge Configuration Service) Manage Custom Domain Names for individual tenants Metering and Billing of Watson Content Hub usage Security gateway at the edge (e.g. to prevent Denial of Service Attacks) o Akamai Edge is the main entry point/proxy into the system and dispatches between cached resources stored by the CDN Netstorage and dynamic API calls to Content Hub microservices 17 2016 IBM
Security and Compliance 18 Data-in-transit protection TLS (Version 1.2 or above) TLS VPN gateway Asset Protection Watson Content Hub is EU-US Privacy Shield certified Datacenter and Cloud Platform Operation are ISO27K certified and comply with SSAE-16 Operational security ISO27001 and SSAE-16 compliant operation in SoftLayer Datacenters. Regular automated vulnerability scans during development, test and production to assess potential security impacts. IBM internal security policies cover SaaS operation, secure engineering, and incident response (CSIRT). Regular reporting of the status and approvals go up to the executive management level. Management responsibility, annual training for all employees, internal and external audits ensure that policies are followed. Secure development 2016 IBM The Secure Engineering Framework at IBM includes education and awareness, project planning, risk assessment and threat modelling, security requirements, secure coding, test and vulnerability assessment, documentation, and incident response. Product Security Incident Response teams ensure the timely identification, analysis, resolution and reporting of security vulnerabilities in IBM products. More information at https://www-03.ibm.com/security/secure-engineering/
Security: authentication Watson Content Hub uses IBMid for authentication IBMid is used for access to all of IBM's applications, communities, support and more Federated authentication can be used to enable IBMid authentication to your organization's identity provider Security Assertion Markup Language 2.0 (SAML 2.0) is used for this See Federated authentication documentation 19 2016 IBM
Security: authorization user roles Watson Content Hub supports the following roles: Administrator: set up a content hub and its privileges, manage hub usage, and manage user privileges in addition to working with content types, content items, and assets Manager: work with content types in addition to working with content items and assets Editor: work only with content items and assets Viewer: API-only read access to authoring services for content, assets, and search Anonymous: retrieve content and assets from delivery only 20 2016 IBM
Security: roles and user tasks 21 2016 IBM Task Admin. Manager Editor Viewer Search Manage users Hub settings Content model: types, image profiles, and categories Content items Assets Search in UI Authoring search using API Add/Remove User Change user role Manage Locales Manage categories View usage data Create, update, delete content types, image profiles, and categories Create, update, delete content items Read Authoring content items using API Import, tag, and classify Assets Define image renditions Set start and end points for videos
Security: managing users and assigning roles 22 2016 IBM
Security: CORS (Cross-Origin Resource Sharing) CORS can be enabled for Watson Content Hub APIs for specific trusted domains This may be needed for Ajax requests from web applications that are not hosted on Watson Content Hub Add or remove trusted domains on the Security tab under General Settings 23 2016 IBM
Resilient and Scalable Infrastructure Datacenters: Softlayer Orchestration: Marathon / Mesos Containerization: Docker Storage: Cloudant (JSON) & Akamai NetStorage (Assets) API Gateway/Management :Papillion, IBM API Connect Service Registry: Consul Message Bus: Kafka Search: Solr Configuration: Zookeeper HTML templating: Handlebars and Angular Logging: Kafka, Graylog2 Monitoring: New Relic 24 2016 IBM
Graylog Logging
Monitoring and Alerting: New Relic 26 2016 IBM
More information for developers Developer Center: https://developer.ibm.com/customer-engagement/docs/wch/ Live samples site: http://samples.watsoncontenthub.io/sample-pages/index.html Code samples on GitHub: https://github.com/ibm-wch Slide deck on Developing With Content Services: https://ibm.box.com/s/3239mv3kz8nhxwc73dh7pb624fgd650i Slide deck on Sites Development Overview: https://ibm.box.com/s/0od1ta7hsmkxzl2i8y08o06zqwa0pzbq 27
Sign up for free trial https://developer.ibm.com/customer-engagement/watson-content-hub/ 30-day free trial 28 2016 IBM
29