Migration from IBM webMethods / DataPower
This guide covers migration from Software AG webMethods and IBM DataPower API gateways to STOA Platform.
What You Haveβ
Typical IBM/Software AG stack:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β CURRENT STATE β
β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β webMethods Integration Server β β
β β ββββββββββββ ββββββββββββ ββββββββββββ β β
β β β API β β ESB β β B2B β β β
β β β Gateway β β Mediator β β Gateway β β β
β β ββββββββββββ ββββββββββββ ββββββββββββ β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β β
β OR β β
β β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β IBM DataPower Gateway β β
β β ββββββββββββ ββββββββββββ ββββββββββββ β β
β β β Multi- β β Security β β API β β β
β β β Protocol β β Token β β Firewall β β β
β β ββββββββββββ ββββββββββββ ββββββββββββ β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β
β Pain points: β
β β’ Limited visibility into API traffic β
β β’ Specialized expertise availability challenges β
β β’ Manual API onboarding (weeks, not minutes) β
β β’ Configuration sprawl across environments β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
What STOA Providesβ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β WITH STOA β
β β
β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β STOA Control Plane (Cloud) β β
β β ββββββββββββ ββββββββββββ ββββββββββββ β β
β β β Portal β β Config β β Metrics β β β
β β β Catalog β β API β β Grafana β β β
β β ββββββββββββ ββββββββββββ ββββββββββββ β β
β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β β
β orchestrates β
β β β
β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β webMethods / DataPower (On-Prem) β β
β β (unchanged) β β
β β Now with unified observability β β
β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β
β Benefits: β
β β’ Real-time visibility via Grafana dashboards β
β β’ Self-service API onboarding (minutes) β
β β’ Keep existing gateway investment β
β β’ Gradual migration path β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Migration Pathβ
Phase 1: Discovery & Importβ
Goal: Register existing APIs in STOA catalog
-
Export API Definitions
# webMethods: Export from API Portal
curl -X GET "https://webmethods-portal/apis/export" \
-H "Authorization: Bearer $TOKEN" \
-o webmethods-apis.json
# DataPower: Export from Web GUI or CLI
dp-export --domain api-gateway --format openapi -
Import to STOA
# Use STOA CLI to import
stoa api import --file webmethods-apis.json --format webmethods
stoa api import --file datapower-apis.json --format openapi -
Verify Catalog
- Open STOA Portal
- Confirm all APIs appear with correct metadata
- Check endpoint mappings
Phase 2: Identity Federationβ
Goal: Connect STOA to existing identity infrastructure
For webMethods Integration Server:
# keycloak-federation.yaml
kind: IdentityProviderConfig
metadata:
name: webmethods-federation
spec:
provider: oidc
config:
issuerUri: https://webmethods-oauth/oauth
clientId: stoa-federation
clientSecret: ${WEBMETHODS_CLIENT_SECRET}
scopes: openid,profile,api_access
For DataPower with LDAP/AD:
# keycloak-ldap.yaml
kind: UserFederation
metadata:
name: corporate-ldap
spec:
provider: ldap
config:
connectionUrl: ldaps://ldap.corp.local:636
usersDn: ou=users,dc=corp,dc=local
bindDn: cn=stoa-service,ou=services,dc=corp,dc=local
bindCredential: ${LDAP_PASSWORD}
Phase 3: Observability Integrationβ
Goal: Unified metrics and logging
-
Deploy Prometheus Exporter for webMethods
apiVersion: apps/v1
kind: Deployment
metadata:
name: webmethods-exporter
spec:
template:
spec:
containers:
- name: exporter
image: stoa/webmethods-exporter:latest
env:
- name: WEBMETHODS_URL
value: "https://webmethods-is:5555" -
Configure Grafana Data Source
datasources:
- name: webMethods
type: prometheus
url: http://webmethods-exporter:9090
access: proxy -
Import STOA Dashboards
- webMethods API Traffic
- DataPower Performance
- Cross-Platform Comparison
Phase 4: Traffic Migrationβ
Goal: Gradually shift traffic through STOA
Shadow Modeβ
STOA receives copy of traffic for validation:
# shadow-routing.yaml
apiVersion: networking.stoa.io/v1
kind: TrafficShadow
metadata:
name: webmethods-shadow
spec:
source:
gateway: webmethods
target:
gateway: stoa
percentage: 100
mode: readonly # No impact on production
Canary Deploymentβ
Start with 5% of traffic:
# canary-routing.yaml
apiVersion: networking.stoa.io/v1
kind: TrafficSplit
metadata:
name: webmethods-canary
spec:
routes:
- destination: webmethods
weight: 95
- destination: stoa
weight: 5
Full Migrationβ
When ready, shift all traffic:
# full-migration.yaml
apiVersion: networking.stoa.io/v1
kind: TrafficSplit
metadata:
name: webmethods-migrated
spec:
routes:
- destination: stoa
weight: 100
webMethods-Specific Considerationsβ
License Optimizationβ
| webMethods License | STOA Strategy |
|---|---|
| API Gateway | Replace with STOA Gateway (optional) |
| Mediator | Keep for complex transformations |
| Integration Server | Keep for backend integrations |
| API Portal | Replace with STOA Portal |
Configuration Mappingβ
| webMethods Concept | STOA Equivalent |
|---|---|
| Application | Subscription |
| API Package | API Group |
| Policy | Policy (STOA format) |
| OAuth Scope | Keycloak Scope |
| Transaction Log | Audit Trail |
Transformation Migrationβ
Complex webMethods mediations can be:
- Kept as-is β STOA routes to webMethods for transformation
- Simplified β Move simple transformations to STOA
- Modernized β Rewrite in STOA's policy language
DataPower-Specific Considerationsβ
Multi-Protocol Supportβ
DataPower's strength is multi-protocol handling:
| Protocol | STOA Support |
|---|---|
| HTTP/REST | Native |
| SOAP/XML | Native |
| MQ/JMS | Via adapter |
| FTP | Planned |
Security Token Serviceβ
DataPower STS functions mapped to STOA:
| DataPower STS | STOA Equivalent |
|---|---|
| Token validation | Keycloak validation |
| Token transformation | Token Exchange (RFC 8693) |
| SAML assertions | Keycloak SAML broker |
| WS-Security | Not supported (use OIDC) |
Rollback Procedureβ
At any point, revert to original routing:
# Immediate rollback
kubectl apply -f original-routing.yaml
# Verify
stoa traffic status --gateway webmethods
Success Criteriaβ
| Metric | Target |
|---|---|
| API imports | 100% registered in STOA |
| Identity federation | SSO working |
| Observability | Dashboards showing data |
| Traffic migration | β₯95% through STOA |
| Latency | β€ webMethods baseline + 5ms |
Next Stepsβ
- Oracle OAM Migration β If you also have Oracle identity
- Hybrid Deployment β Architecture options
- Security & Compliance β DORA/NIS2 considerations
Need migration assistance? Contact us for professional services.