The new SOA Offering joint portfolio started in IMPACT meeting last may. The 2 teams met (GTS/GBS) for IMPACT A reaction to strong investmest in SOA infrastructures from Accenture (need to fight it!) Name of strategy is PIP (check) There is GBS/GTS people dedicated in PIP Start of August, a WW taem working on that S&D request request Tell the CITAs Reaction: Face to face meeting , half the CITA’s presence in Amsterdam, too much marketing S&D doesn’t need to know exactly whats behind S&D requests: - Real people build local table - Find opportunities but…where are the skills? - GBS /GTS at different speeds, no one ahead of the other
So here it is, boldly stated – and not just by us, but by independent analysts too. SOA is a directly strike at the biggest and most intractable problems confronting IT today. But the real miracle is that it doesn’t just eliminate a problem – it creates an opportunity too. While it cuts operational costs – a valuable enough thing in its own right – it increases responsiveness to revenue opportunities by allowing a faster and more flexible configuration of business processes. If you think about it, how many technologies allow you to cut cost and raise revenues as the very same time? It’s usually one or the other, and seldom the latter. The miracle is in the very nature of SOA – in that it sews technology right into the business process itself, erasing any distinction between the two.
First, what’s an architecture. Basically, it’s a model that shows the fundamental structure of a system – business applications, or software in our case. An architecture shows the software broken down into components, and their relationship to each other and the environment – just as a floor plan show the relationship of one room to another in a blueprint for the first floor of your home. An SOA is an architectural framework that takes everyday business applications and breaks them down into individual business functions into services. An SOA – and here’s its power – lets you build, deploy, and integrate those services independent of applications and the computing platforms on which they run. It’s like cracking open a nut and getting the edible part out. Suddenly, these extremely valuable service components are no longer locked away in these applications and their platforms; now, they’re exposed and available – ready for you, the business strategist, to mix and match as you see fit. The limit now on what you can do with your IT is no longer a function of the IT itself. It’s only your creativity and imagination (in looking at the opportunities you face and figuring out how you can configure these components to address them). This is what we mean when we say that SOA puts IT entirely at the disposal of business.
Here’s a good example. A bank can take its existing applications, break them down into their component services, and reassemble those components to create a completely new application – addressing a completely new opportunity. This example embodies several key concepts. One, of course, is reuse: Before you go out and buy something new, you see if you can make use of what you already have. Chances are, if you’re a big, mature company, you have much of what you need – just presently locked away in proprietary systems. Another is that you can build – or buy if you can’t build it – precisely what you need. You don’t necessarily have to buy a whole new applications – adding in many cases to duplication. You just to get hold of the additional service components you need. Although some work (and infrastructure) is required to access the existing services to enable new products or processes, it’s significantly less costly and, perhaps more important, significantly less time-consuming to do so.
You should believe it for two reasons. First, standards, in the form of Web Services, have materialized, meaning a new degree of modularization and inter-compatibility. Second, software and is being developed and integrated by linking defined services. This is what is meant by service orientation. (Note: To be honest, I don’t really understand this second point. I don’t get a clear picture of the new way in which software is being developed.)
*Main point: flexible business requires flexible IT. Think about your business in terms of components, optimize a business process, and ensure you have the IT resources to support the flexibility you need. I’ve said it before but it bears repeating; your business is only as flexible as your IT. IT supports everything your company does and if your IT can’t change quickly and cost effectively, neither can your business. And with the rate of change of today’s business, you can’t afford inflexibility. First you can start with a full business view. Break your business into components and decide which components set your business apart and are cost effective for you to own. Then once you can optimize the prioritized processes by distributing them among the best service providers wherever they may be including sometimes outsourcing the service or other third party provider. So, the third part is, what kind of IT infrastructure, software, skills and support do you need to make this a reality? Let me emphasize again that your business is only as flexible as your IT is. Service Oriented Architecture bridges this gap and allows you to use the existing IT investments you have and achieve the flexible, distributed business processes we discussed on the right. Let’s go into some more detail about how to make this happen.
**Main point: The SOA reference architecture is a vendor-neutral way of looking at and planning the set of services that go into building an SOA. The SOA reference architecture is a way of looking at the set of services that go into building an SOA. This architecture is not unique to IBM ; these are things that you need to consider when approaching SOA regardless of what products and services are used. These capabilities can be implemented on a build-as-you-go basis allowing capabilities and project level solutions to be easily added as new requirements are addressed over time. You can see that these services organized along the same lifecycle we’ve discussed. On the left in is Development Services which is model and assemble, in the middle are the elements of the deployment run-time environment you use and on the right is management. The backbone of the reference architecture is the enterprise service bus which facilitates communication between services. The reference architecture is a great tool for laying out roadmaps for pursuing SOA. Regardless of what kind of project you’re undertaking, it makes sense to lay it out on a reference architecture to see how the various services you’re designing are going to interact with each other Additional detail: The SOA Reference Architecture outlines the key capabilities that are required for comprehensive, enterprise wide SOA solutions. These capabilities can be implemented on a build-as-you-go basis allowing capabilities and project level solutions to be easily added as new requirements are addressed over time. Tools are an essential component of any comprehensive integration architecture. The SOA Architecture includes both Development Services which are used to implement custom artifacts that leverage the infrastructure capabilities, and Business Innovation & Optimization Services which are used to monitor and manage the runtime implementations at both the IT and business process levels. At the core of the SOA Reference Architecture is the Enterprise Service Bus . This delivers all of the inter-connectivity capabilities required to leverage the services implemented across the entire architecture. Transport services, event services, and mediation services are all provided through the ESB. The SOA Reference Architecture also contains a set of services that are oriented toward the integration of people, processes, and information: Interaction Services provide the capabilities required to deliver IT functions and data to end users, meeting the end-user's specific usage preferences. Process Services provide the control services required to manage the flow and interactions of multiple services in ways that implement business processes. Information Services provide the capabilities required to federate, replicate, and transform data sources that may be implemented in a variety of ways. Many of the services in an SOA are provided through existing applications; others are provided in newly implemented components; and others are provided through external connections to third party systems. Existing enterprise applications and enterprise data are accessible from the ESB through a set of Access Services that provide the bridging capabilities between legacy applications, pre-packaged applications, enterprise data stores and the ESB. The SOA Reference Architecture also contains a set of Partner Services that provide the document, protocol, and partner management capabilities required for business processes that involve inter-actions with outside partners and suppliers. Business Application Services provide runtime services required for new application components to be included in the integrated system. Underlying all these capabilities of the SOA Reference Architecture is a set of Infrastructure Services which are used to optimize throughput, availability and performance. IT Services Management Services include capabilities that relate to scale and performance, for example edge services, clustering services, and virtualization capabilities allow efficient use of computing resources based on load patterns. The SOA Reference Architecture is a complete and comprehensive architecture that covers all the integration needs of an enterprise. Its services are well integrated and are delivered in a modular way, allowing SOA implementations to start at a small project level. As each additional project is addressed, new functions can be easily added, incrementally enhancing the scope of integration across the enterprise. Background: The IBM SOA Foundation delivers the capabilities you need to adopt SOA through a comprehensive architecture. These capabilities can be implemented on a build-as-you-go basis, and yet, because of the architecture and its service orientation, capabilities and project level solutions can be easily added as new requirements are addressed over time. The SOA Reference Architecture shows the key capabilities that are required for comprehensive, enterprise wide SOA solutions. Development Services are an essential component of any comprehensive integration architecture. The SOA Architecture includes development tools, used to implement custom artifacts that leverage the infrastructure capabilities, and business performance management tools, used to monitor and manage the runtime implementations at both the IT and business process levels. Development tools allow people to efficiently complete specific tasks and create specific output based on their skills, their expertise, and their role within the enterprise. Business Analysts who analyze business process requirements need modeling tools that allow business processes to be charted and simulated. Software Architects need tool perspectives that allow them to model data, functional flows, system interactions, etc. Integration Specialists require capabilities that allow them to configure specific inter-connections in the integration solution. Programmers need tools that allow them to develop new business logic with little concern for the underlying platform. Yet, while it is important for each person to have a specific set of tool functions based on their role in the enterprise, the tooling environment must provide a framework that promotes joint development, asset management and deep collaboration among all these people. A common repository and functions common across all the developer perspectives (e.g. version control functions, project management functions, etc) are provided in the SOA Reference Architecture through a unified development platform. The Business Innovation & Optimization Services incorporate monitoring capabilities that aggregate operational and process metrics in order to efficiently manage systems and processes. Managing these systems requires a set of capabilities that span the needs of IT operations professionals and business analysts who manage the business operations of the enterprise. These capabilities are delivered through a set of comprehensive services that collect and present both IT and process-level data, allowing business dashboards, administrative dashboards, and other IT level displays to be used to manage system resources and business processes. Through these displays and services, it is possible for LOB and IT personnel to collaborate to determine, for example, what business process paths may not be performing at maximum efficiency, the impact of system problems on specific processes, or the relationship of system performance to business process performance. This collaboration allows IT personnel and assets to be tied more directly to the business success of the enterprise than they traditionally have been. One key feature of the SOA Reference Architecture is the linkage between the Development and the Business Innovation & Optimization Services. The ability to deliver runtime data and statistics into the development environment allows analyses to be completed that drive iterative process re-engineering through a continuous business process improvement cycle. At the core of the SOA Reference Architecture is the Enterprise Service Bus . This architectural construct delivers all the inter-connectivity capabilities required to leverage and use services implemented across the entire architecture. Transport services, event services, and mediation services are all provided through the ESB. Transport services provide the fundamental connection layer; event services allow the system to respond to specific stimuli that are part of a business process; and mediation services allow loose-coupling between interacting services in the system. The ESB is a key factor in enabling the service orientation of the SOA Reference Architecture to be leveraged in implementing service oriented solutions and can be implemented today to meet the quality of service requirements of any integration solution. The SOA Reference Architecture also contains a set of services that are oriented toward the integration of people, processes, and information. These services control the flow of interactions and data among people and automated application services in ways appropriate to the realization of a business process: - Interaction Services provide the capabilities required to deliver IT functions and data to end users, meeting the end-user's specific usage preferences. - Process Services provide the control services required to manage the flow and interactions of multiple services in ways that implement business processes. - Information Services provide the capabilities required to federate, replicate, and transform data sources that may be implemented in a variety of ways. Automated application services, implementations of business logic in automated systems, are a critical part of any integration architecture or solution. Many of these services are provided through existing applications; others are provided in newly implemented components; and others are provided through external connections to third party systems. Existing enterprise applications and enterprise data are accessible from the ESB through a set of access services. These Access Services provide the bridging capabilities between legacy applications, pre-packaged applications, enterprise data stores (including relational, hierarchical and nontraditional, unstructured sources such as XML and Text), etc and the ESB. Using a consistent approach, these access services expose the data and functions of the existing enterprise applications, allowing them to be fully re-used and incorporated into functional flows that represent business processes. Existing enterprise applications and data leverage the Business Application and Data Services of their operating environments such as CICS, IMS, DB2, etc. As these applications and data implementations evolve to become more flexible participants in business processes, enhanced capabilities of their underlying operating environments, for example support of emerging standards, can be fully utilized. The SOA Reference Architecture also contains a set of Business Application Services that provide runtime services required for new application components to be included in the integrated system. These application components provide new business logic required to adapt existing business processes to meet changing competitive and customer demands of the enterprise. Design and implementation of new business logic components for integration enables them to be fully re-useable, allowing them to participate in new and updated business processes over time. The Business Application Services include functions important to the traditional programmer for building maintainable, flexible, and re-useable business logic components. In many enterprise scenarios, business processes involve inter-actions with outside partners and suppliers. Integrating the systems of the partners and suppliers with those of the enterprise improves efficiency of the overall value chain. Partner Services provide the document, protocol, and partner management services required for efficient implementation of business-to-business processes and inter-actions. Underlying all these capabilities of the SOA Reference Architecture is a set of Infrastructure Services which provide security, directory, IT system management, and virtualization functions. The security and directory services include functions involving authentication and authorizations required for implementing, for example, single sign-on capabilities across a distributed and heterogeneous system. IT Services Management Services include functions that relate to scale and performance, for example edge services and clustering services, and the virtualization capabilities allow efficient use of computing resources based on load patterns, etc. The ability to leverage grids and grid computing are also included in infrastructural services. While many of the Infrastructure and IT Service Management services perform functions tied directly to hardware or system implementations, others provide functions that interact directly with integration services provided in other elements of the architecture through the ESB. These interactions typically involve services related to security, directory, and I/T operational systems management. The SOA Reference Architecture is a complete and comprehensive architecture that covers all the integration needs of an enterprise. Its services are well integrated and are delivered in a modular way, allowing SOA implementations to start at a small project level. As each additional project is addressed, new functions can be easily added, incrementally enhancing the scope of integration across the enterprise. In addition to supporting SOA strategies and solutions, the architecture itself is designed using principles of service orientation and function isolation.
Main point: Now on the broader infrastructure and management question. SOA projects have unique characteristics that drive key infrastructure and management considerations. Whether your SOA implementations are driven by business needs to improve the efficiency and effectiveness of people, process or information or driven by IT needs to extend the use and reuse of existing applications and services, the common characteristics of SOA applications and the challenges it poses are: Applications reused in new dynamic ways: Where before a well defined application stack could have fairly predictable demand, the expansion of use in less well defined patterns can make demand far less predictable on the resources causing greater complexity in managing performance, availability and other quality of service issues. How do you predict demand and maintain performance and availability with new dynamic usage patterns? How do you ensure and deliver Quality of Service that depends on more, different and dynamic resources? How do you manage complex relationship of services, resources & configurations; Quality of Service = Performance, Availability, Prioritization of resources to meet SLA, Optimization of resources Services combined from multiple sources: This loose coupling of components can add new twists to managing quality of service. You need to have visibility to and control over not only the service level, but the myriad of components underneath. How do you deploy new interdependent services, while ensuring the quality of service of other services and composite applications? How do you and track the on-going changes and keep track of all configurations and service dependencies? Rapid deployment: Services can be rapidly deployed. While this is certainly a benefit, given the interconnections with other components and services, combining the ability to release quickly with the potential for broader impact takes release management to a new level and is an important consideration. In addition this rapid deployment capability has impacts on the predictability of demand and performance as well. Rapid Deployment of SOA services translates into rapid increase in the complexity of the applications environment How do you inhibit the increasing costs of management this environment? How do you identify and deploy the components and ensure Integrity of SOA services with its existing relationships? How do you monitor, manage and prioritize performance, availability of interdependent services, applications and resources? How do you check the proliferation of duplicate or overlapping services? Services route to any available resource: This virtualized nature of resources says that in any instance they may run on a different set of resources. So if something goes wrong, figuring out the cause of the problem can be more difficult. In addition, traditional charge-back mechanisms for IS resources need to adjust to notion of virtualization. How do you control, manage and track resource utilization for IT financial management? How do you ensure the scalability of the service and the underlying infrastructure? How do we coordinate problem resolution across all parts of the organization?” Distributed access: The benefit services provide in broadening access to information and applications also presents greater security risks along with it. Centralized security must adjust to the distributed access and become federated to enable clients to protect their assets and maintain security compliance. How do you protect application and data from unauthenticated, unauthorized access independent of the users ? How do you ensure that when a service get reused, the new services does not expose it to unauthorized users? How do you administer and manage identities of users distributed across departmental, organizational or enterprise boundaries? How do you deliver the right information to the right users at the right time and in the right context? You need to control Access of Services, Applications and Data and Provisioning Identities and Federation of security credentials ************************ Infrastructure and Services security —How do we secure services, and how does this affect my overall infrastructure security goals? Systems performance —How will XML transformation, between our legacy and distributed systems, affect application performance? Availability/Recoverability/Reliability —What happens if one of my services is unavailable? Where are my applications located, and what are my dependencies between my business partners? How do I restore and resynchronize any associated data and metadata to keep data consistency? Scalability —How do I ensure that the infrastructure will grow in line with volumes? Manageability —How do I manage my services to tell whether they are available and performing? How do I validate my applications and ensure that they are meeting business goals?
SOA has the same fundamental performance problems as a distributed J2EE world plus more potential overhead. As a result J2EE design best practices can be leveraged on what to do or not do. Increased requirement for XML processing can cause performance impact Messaging is key to composite application performance Performance costs increase exponentially as the suspend/resume points increase Response time estimation is more challenging, especially for complex components such as the ESB Throughput and response time targets must be set at ‘Coarse Grained’ Business Service level and then mapped down to the ‘finer grained’ IT service component level Significant new challenges faced when performance testing an SOA application Dynamic variations in the end-to-end flow, variations in messaging state, ESB with multiple routings and hops, etc Measure service levels for SOA across corporate organizational boundaries Transition line: a
Since Web services is mostly XML based, and XML is text heavy and verbose, consideration should be paid to addressing the challenges of increased metadata. Impact to the network, parsing requirements, security steps and text translation must be considered when engineering a SOA solution. Insight into composite applications is key. Today’s business processes often depend on composite applications that span Web servers, J2EE application servers, integration middleware and mainframe systems. Although most businesses have traditional monitoring tools to manage individual resources at a high level, many lack an integrated solution to automatically monitor, analyze and resolve end-user response time problems. As a result, operations and development may take a long time to identify, isolate and fix transaction problems impacting customer satisfaction. Tools such as the IBM Tivoli Composite Application Manager (ITCAM) for Response Time Tracking can help you avoid critical Web services performance problems by discovering, isolating and decomposing the Web services calls into the underlying components (Enterprise Java Beans, Servlets, Java Connector Architecture, DB2 etc.), allowing for true root-cause analysis of Web services performance and availability failures. Transition line: This leads to another important consideration for SOA …
From Eugene Kuznetsov Tim Henrion – relying on a solution to benchmark itself violates the most basic rules of testing When testing an SOA Appliance Testing labs often fail to provide enough back-end servers to saturate the XML processing engine Tools & systems sufficient to saturate existing systems are not sufficient for testing a hardware appliance Using internal utilization metrics reported by the device to estimate total device capacity delivers erroneous results Network is often responsible for the bottleneck that is attributed to the XML processing engine
Main Point: The new Rational Performance Tester Extension for SOA Quality works with the Rational Tester for SOA Quality product to supply additional performance testing capability. In an environment where a service may be used in multiple composite business applications, understanding the impact of changing the service will be key for maintaining a high level of application performance and availability. Built on same platform at Rational Tester, but expanded for performance tester. Flexible workload modeling enables automated generation of web service test client Automated generation of web service performance tests As highlighted on the previous slide, leveraging the modeling to generate perfomance tests. We generate test cases specific for load testing, using virtual testers who act as real and multiple users. Reporting Reporting in RPT 7.0 was improved significantly. Tester for SOA Quality leverages all the new reporting advancements. (Examples in screenshots.) Find bottlenecks -- root cause and problem determination SOA means our composite applications are even more composite and the response time are even more important and must be understood, along with the interactions between services. To track and understand the response times, we generate ARM trace data and also import ITM resource times to help understand the bottlenecks earlier and at the web service level. ARM instrumentation at the web service level saves time and the ability to test and trace web service responses before rolling into production. This is essential when testing complex composite applications. Flexible test customization thru java code insertion If you want to do very complex tests, you can with our tool. Although we do not expect it to be the common scenario, you can add java code instead of using the graphical editor to define and execute very complex and unique tests. With the Java code insertion ability, you can get as complex and detailed as you would like. Features: Load testing of Web services Real-time reporting of server response time and throughput A graphical schedule editor for workload and user population modeling System resources and transactions monitoring of SOA applications
The performance model should be created and maintained through out the project lifecycle as the application is built Techniques such as Pool / thread funnelling can help ensure that the infrastructure is not overwhelmed by unknown loads Caching strategy should be part of the design Keep the number of hops through the application components to a minimum Careful consideration should be given to the number of times the data has to be persisted An SOA appliance can help accelerate XML performance: Offload XML processing Hardware acceleration can provide higher performance Easy configuration & management
There is an increased number of components in an SOA Infrastructure Distributed Application Services (.NET, MQ, WebSphere, BEA, Legacy) Each component requires it’s own availability architecture The more components in the transaction, the greater the risks for failure or human error Workload Management, High-Availability Manager (HAM), Deployment Manager Some components may require both hardware and software clustering Databases, Enterprise Messaging Infrastructure, SOA Appliances Transition line: let’s illustrate an SOA high-availability transaction model
Eight techniques for achieving High Availability 1. Faster machines The goal is to increase the ability to do more work in a unit of time by processing tasks more rapidly. A faster machine can be achieved by upgrading its hardware or software. 2. Replicated machines The primary goal is to service more client requests. Parallelism in machine clusters typically leads to improvements in response time. Moreover, system availability is improved due to failover safety in replicas. 3. Specialized machines The goal is to improve the efficiency of a specific component by using a special-purpose machine to perform a required action. These are usually dedicated machines that are very fast and optimized for a specific function. Examples are network appliances and routers with cache, such as the IBM WebSphere Edge Server. 4. Segmented workloads The goal is to split up the workload into manageable chunks, thereby obtaining more consistent and predictable response time. The technique also makes it easier to manage workload distribution on individual servers. Combining segmentation with replication frequently offers the added benefits of providing an easy mechanism for redistributing work and scaling selectively as business needs dictate. 5. Request batching The goal is to reduce the number of requests sent between requesters and responders (such as between tiers or processes). This is accomplished by defining new requests that combine multiple requests. 6. User data aggregation The goal is to allow rapid access to large customer data controlled by existing system applications and to support personalization based on customer-specific data. The technique calls for aggregating customer data into a Customer Information Service (CIS). A CIS that is kept current can provide rapid access to customer data for a very large number of customers, thereby providing the required scalability. 7. Connection management The goal is to minimize the number of connections needed for an end-to-end system, as well as to eliminate the overhead of setting up the connections. This is accomplished by maintaining and sharing a pool of preestablished connections that can be reused. In WebSphere, this is referred to as connection pooling . Reusing existing database connections conserves resources and reduces latency for application requests, thereby helping to increase the number of concurrent requests that can be processed. Managing connections properly can improve scalability and response time. 8. Caching Caching is a key technique to reduce hardware and administrative costs and to improve response time. The goal is to improve performance and scalability by reducing the length of the path traversed by a request and the resulting response, and by reducing the consumption of resources by components when the same content is requested multiple times or by multiple users.
KEY MESSAGES Service management allows our clients to answer three basic but important questions…. A. What is happening with the infrastructure? B. How does this relate to the business service, eg Claims processing? C. What actions do we need to take to correct the problems? The key innovations involved in answering these questions involve the areas of event management, business service visualization and process automation Brief example of each
If we look at these 3 questions in a bit more detail, IBM Service Management delivers broad capabilities in each of these areas: (talk to several of each … don’t talk to all)
Main point: An SOA environment increases the number of identities to manage, the number of enforcement points and the types of threats that can be encountered. Therefore extending security for SOA means focusing on Identity Management and Service Assurance. And since compliance with regulations and service level agreements remains a focus for today’s enterprise, company’s must find ways to ensure auditability despite the composable nature of the environment. Organizational/enterprise boundaries Perimeter is obscure Identities are managed across boundaries Trust relationships are established across boundaries Composite applications Ensuring proper security controls are enacted for each service and when used in combination Greater focus on data/information Protecting data at transit and at rest Apply consistent protection measures Access to data by applications and services Governance, Risk, and Compliance Auditing ie. entity identification to specific transactions
Potential threats in an SOA Lack of client invoked Identity Liability from Business Partners and Internal Business Units Traditional application/data level attacks WSDL may expose some internal application interfaces Considerations for threat management Interoperability issues Standards don’t address XML Viruses, XML DoS Threat models are evolving Identity Federation and Web Services requires trust Need to have confidence in received identities This trust is based on agreements between partners Trust can be enabled by technology Cryptographic keys used to sign Security Tokens Security tokens include identity information Including role and other agreed attributes Technology needs to be standards based Agreed token format Agreed information content Agreed signing and encryption methods
Integrate the IT processes - drives integration across the It resources Process integration, decoupled processes and applications from a rigid infrastructure
Main point: Let's take a closer look at the virtualization technology in WebSphere XD and the benefits from using those capabilities in your IT infrastructure. We’ll start with the workload virtualization technology. Dynamic cluster is a set of virtual servers similar to a static cluster, but with a crucial difference in that the number and placement of cluster members may vary over time. WebSphere XD will share these resources across the application workload. The enhanced service workload management capabilities of WebSphere Extended Deployment ensure that user requests are classified, prioritized, queued and routed to servers based on application operational policies which are tied to business goals. Application performance is optimized according to these policies that reflect service level goals and relative importance to the organization. When new applications are added it doesn’t necessarily mean that new server hardware has to be deployed, if resources are available in the pool. Application Edition Manager enables interruption-free deployment and management of application versions. This capability lets you apply application updates to a production environment with no downtime. The Application Edition Manager also provides an application versioning model that supports multiple deployments of the same application in a WebSphere cell, each distinguished by a unique edition number. The benefits of Workload Virtualization include: Server resources can be used more effectively by establishing a shared pool of servers and allowing WebSphere XD to place work requests according to agreed upon service goals. Constant monitoring of application progress against service goals allows WebSphere XD to quickly adapt to workload changes. By managing the servers as a shared resource pool WebSphere XD can drive up utilization across the pool to achieve SLA’s under demanding workload situations. To improve manageability of virtualized and heterogeneous environments through real-time insight into utilization and health WebSphere Extended Deployment delivers visual operational and health monitoring capabilities for proactive detection and correction of application and server issues. This allows operators to see at a glance what is happening in the infrastructure and the relative health of the application resources. Actions necessary to keep applications on track can be automated or handled manually by operators. Now, let’s look at the information virtualization technology. ObjectGrid: this feature provides a customizable, pluggable object caching framework that allows applications to share object data using a variety of consistency models. Object data can be application data retrieved from a common data source such as a database or file system, or short living objects such as session data (for example, shopping cart information). Objects can be stored in the grid and then accessed from multiple applications, reducing the number of trips to the data source and avoiding the cost of repeatedly recreating objects. Additionally, if one server fails in the ObjectGrid, other servers in the grid will have the object cached and can supply the object with little or no loss of service. The ObjectGrid is available as a feature in WebSphere XD or as a standalone product capable of executing within any J2EE or J2SE JVM running on at least J2SE 1.4 JDK. The WebSphere XD partitioning facility allows you to design applications that divide logic and data into partitions which can be mapped to available servers. This allows you to cache information much more efficiently than if the request had gone to a random server. The partitions can be adjusted to provide better performance or to account for a server that becomes unavailable. Together with sophisticated algorithms to manage the workload, these techniques using WebSphere Extended Deployment may allow you to achieve near-linear scalability as the transaction load increases and very fast recovery time in the event that a server should go down. The benefits of information virtualization include: Reduced load on backend data store providing a way to offload work from the data tier. Improving transaction throughput and response time . As transactions execute in memory without the need to do time-costly I/O operations the ability to drive higher transaction volumes increases. Achieve near-linear scalability by combining Objectgrid caching with application partitioning via the partitioning facility. Constant tuning won’t be required to meet growing application volumes. Instead, WebSphere XD’s high performance OLTP features can enable you to meet growing workload demands. For IT executives who need a flexible, scalable, highly available foundation for their Web applications, the GTS offering, Web infrastructure optimization and virtualization, decreases the risk and improves the time to value for designing and implementing a business grid environment based on IBM WebSphere® Extended Deployment software.
Now optimization issues are covered partly in C&R. In fact, we present XML traffic acceleration.
Service Oriented IT Infrastructure Malta, feb 5th, 2008 Juan Claudio Agui IBM Technology Services [email_address]
Service Oriented Architecture and IT Infrastructure
What is SOA ?
Why it is important to have a vision of SOA that includes the IT Infrastructure ?
What is the “SOA Infrastructure”
New key components in the SOA World
Key success factors for a Factores clave de Éxito en una infrastructura SOA
A SOA Project: Services and Architecture design
“ Elevator Pitch” : Why think on the IT Infrastructure when initiating a SOA project ?
What is SOA ? How is the new SOA IT Infrastructure
Analysts suggest that Services Oriented Architecture will be a key tool for enabling change and alignment between business and IT Top Challenges in Managing IT Source: AMR Research, 2005 Top Expected Benefits of Services Oriented Architecture Integration Takes too long for IT to respond to changing requirements Can’t configure business processes as needed Faster and more flexible reconfiguration of business processes Cost of managing IT is too expensive Too hard to get ROI from upgrades Decrease of operational costs of information technology and business processes SOA is a strategy for designing software that helps eliminate the distinction between business processes and the technologies that enable them.
A Services Oriented Architecture (SOA) allows you to expose key IT capabilities and make them available in new ways … and breaks them down into services… These services can be integrated and used to build new capabilities… A service-oriented architecture (SOA) is an architectural framework that takes business applications… … supporting new functionality from within your current portfolio or from your extended value chain. … that can be made available for use independent of the applications and the computing platforms on which they run. Services … or repeatable business task – e.g., open new account, check credit history New Capabilities Hybrid Credit Product System (new) WebCredit Portal Access (new) Partner Service SOA Definition Business Applications Fixed Rate Mortgage System Adjustable Rate Mortgage System Unsecured Loan System Integrated Statement Processor Mainframe/Legacy .NET Custom J2EE Packages Request Answer Service
Example: A mortgage bank uses SOA to build a new hybrid credit product and a web portal as a new channel Business Applications New Offerings and Applications Services Hybrid Credit Product System (new) Submit Loan Application Calculate adjustable rate Check mortgage balance Check credit score Partner Service A bank has multiple systems for its various mortgage products and processes These systems can be broken down to expose the basic services they perform, such as submitting a loan application and calculating interest rates The services can be re-arranged to offer new products, such as a hybrid credit product that combines features of a fixed and adjustable mortgage, and a web portal that offers access to all credit products Fixed Rate Mortgage System Adjustable Rate Mortgage System Unsecured Loan System Integrated Statement Processor Submit Loan Application Select loan duration Determine Risk Profile Calculate adjustable rate Display Balance Due Calculate available credit Check mortgage balance Send billing notification WebCredit Portal Access (new) Send Billing Notification Display Credit Score
There are two forces behind SOA that differentiate it from previous architectural approaches
Maturing technology standards (web services) are the game changing aspect that allow for a new level of interaction and provide for a common standard that supports:
New component development
Transformation and integration of existing applications
A new paradigm shift designing software as linked services changes the way software is designed and developed
Software developed and integrated by linking defined services
Services exposed from your existing, company portfolio of applications
Services exposed from new applications you are building
Services exposed from your partners systems or systems in your value chain
Called services orientation , this thinking enables a tighter alignment of business and technology.
Businesses are experiencing tremendous benefits as they put SOA into practice, such as increased revenues, decreased costs, and enhanced flexibility
SOA Impacts All Areas! Process People Reuse Connectivity Information Business view Process to optimize IT flexibility
The SOA Reference Model links the value of both Functinal and Technical teams Servers, Networks, Storage, Devices Physical Infrastructure ESB, Service Mgmt, Data Mgmt and Integration, Security Mgmt, Virtualization & Orchestration Middleware Processes Services Applications Virtualized Infrastructure “ Functional“ focus is on “ WHAT ” the processes and services should be, how to liberate services from applications and how to govern the services across lines of business. Technology focus is on “ HOW ” to integrate applications with IT infrastructure, simplifying interfaces, deploying a stable, robust infrastructure to support the business, and the operational management and efficiency of the IT. SOA Infrastructure Governance Data Architecture & BI Quality of Service Integration ESB Operational Systems Service Components Services - atomic and composite Business Process Consumers Packaged Appl. Custom Application
SOA Reference Architecture: Supporting your SOA Lifecycle Business Innovation & Optimization Services Development Services Interaction Services Process Services Information Services Partner Services Business App Services Access Services Integrated environment for design and creation of solution assets Manage and secure services, applications & resources Facilitates better decision-making with real-time business information Enables collaboration between people, processes & information Orchestrate and automate business processes Manages diverse data and content in a unified manner Connect with trading partners Build on a robust, scaleable, and secure services environment Facilitates interactions with existing information and application assets IT Service Management Infrastructure Services Optimizes throughput, availability and performance Apps & Info Assets ESB Facilitates communication between services
Un conjunto de hardware y software que soporta las aplicaciones y sobre el que se construye una arquitectura orientada a servicios
Basada en estándares abiertos
Orientada a la Información
Service & event enabled
Portal Business Process Choreographer Process models Enterprise Service Bus Match and route messages Transform messages Distribute business events Activity Monitoring Service Registry and Repository Application Presentation Services Integration & Event Services ERP Apps Custom Apps ISV Apps Infrastructure Clustering Security Provisioning Configuration Data Management Directories Identity Management Web Cache Data and Metadata Services Activity Monitoring
SOA Governance Model Skills Infrastructure & Tools Skills Infrastructure & Tools Principles, Policies, Standards & Procedures Implemented by Monitors & Metrics Governance Mechanisms Managed by Monitored by SOA Vision Communication Exception/Appeals Vitality Compliance Organizational Change Management Governed Processes Service Design Service Transition Service Strategy Service Operation SOA Strategy Service Modeling Service Design Service Testing Service Deployment Service Delivery Service Architecture Define Service Funding Security Management Service Assembly Service Ownership Event Management & Service Monitoring Service Support Supported by
Accurate application maps show you what is important
Find the “Last Change” before a problem shows up
Simplify impact analysis
Notice when Configurations change and notify operations
Keep “bit-rot” from impacting operational readiness
Dynamic Service Support Dynamically Changing Service and Application Relationships Discover Services Relationships & Dependencies Service Reconciliation Service Registry & Repository
Support Change Process
Use to validate that planned changes were executed and that the results are as expected
What applications does a component support?
Reduce unintended consequences
Logical Elements of an SOA Management Solution Security PEP Enterprise Identity Directory Identity and Access Management Services Management Application Server CICS/ IMS/ DB2 Container PEP Enterprise Auditing and Data Warehousing Web Services Web Services Service Requestor Container PEP Integration PEP Service Registry & Repository Systems Management Portal and Service Level Reporting
Integrated Visibility of SOA Resources Services atomic and composite Operational Systems Service Components Consumers Business Process Composition; choreography; business state machines Service Provider Service Consumer Integration (Enterprise Service Bus) QoS Layer (Security, Management & Monitoring Infrastructure Services) Data Architecture (meta-data) & Business Intelligence Governance Channel B2B Packaged Application Custom Application OO Application Integrated Reporting Service Management Application Monitoring Resource Monitoring Resource Monitoring Transaction Tracking Integrated Console
How do we identify and authenticate the service requester?
How to we identify and authenticate the source of the message?
Is the client authorized to send this message?
Can we ensure message integrity & confidentiality?
How do we audit the access to services?
How do we leverage Web services security standards?
How do we propagate identities with trusted service providers?
XML Web services may expose backend systems in unintended ways
SOA security may require multiple layers of enforcement – perimeter, gateway, app server, application
Traditional security devices do not secure XML/SOAP
Extending Security for SOA Identity, Assurance and Compliance
End-to-end identity propagation from silos to services
Control access levels to services with trusted identities
Provision identities automatically to reduce costs
Identity & access control across services Assure service security with message and user-based protection
Unified trust management to create secure communities
Secure XML messaging and threat protection
Identity-driven security across heterogeneous domains & environments (applications, services, data & transactions)
Monitor and enforce policies for audit & compliance
Enterprise security monitoring, management and reporting
Consistently enforce security policies for services
Automate user account validation to enforce access policies
Identity and Access Control Assurance Compliance
Logical Elements of SOA Security Security PEP Enterprise Directory Identity and Access Management Trust Management Application Server CICS/ IMS/ DB2 JAAS/ JACC Enterprise Auditing and Data Warehousing Web Services Web Services Service Requestor WSSM Integration PEP Systems Management Portal and Service Level Reporting Policy Management Line of Business Security Risk Assurance Network Operations ws - trust ws - trust
SOA Security – Trust Model Requestor Policy Security Token Security Token Service Policy Security Token Provider Policy Security Token Claims Claims Claims 1. Get Token 2. Send Message (including token) 3. Validate Token
Identity Federation and Web Services requires trust
This trust is based on agreements between partners & expressed as policies
Trust can be enabled by technology
Trust requirements expressed as infrastructure policies and requirements
Security tokens include identity information; Cryptographic keys used to sign Security Tokens
Technology needs to be standards based
Standard ways to express and exchange policies that reflect trust relationships
Agreed token format, information content, signing and encryption methods
XML Security Appliances Can Simplify and Accelerate SOA Security
XML/SOAP firewall enables filtering on any content, metadata or network variables
Incoming and outgoing XML and SOAP is validated at wire speed
Security can be performed at the field level
Encrypt & sign individual fields
Provides XML/Web services access control
IP Firewall Internet Application Server XML Security Appliance Access & Identity Management
Are hardened security devices – Penetration tested
Are purpose built embedded systems – Optimized for SOA processing
Are highly configurable – Simplified SOA architecture
Are able to process all formats of data (XML and others)
Are standards based – Work with existing infrastructure
Are used to address XML processing performance issues
Are used to augment standard infrastructure security
Can be used for light-weight message transformation
Are Not a general purpose server with some pre-loaded software
Are Not running a full standard operating system
The Emergence of SOA Appliances
Virtualization Decouples IT Infrastructure from Applications Windows Server Unix Server Linux Server Networking Storage Virtualization Storage Servers Networking Windows Servers Linux Servers Unix Servers Management Servers Networking Consolidated Complex Virtualized Application Application Application
Islands of computing and data
Physical resources are bound to applications
Disparate management tools
Fewer devices and licenses
Physical resources still bound to applications
disparate management tools
Labor intensive provisioning
Pools of resources
Logic and physical resources decoupled
Standardized, automated infrastructure management
Value of a dynamic infrastructure for SOA implementations Support dynamic workload Increased integration required Decoupling of application from business process Need to meet Service Quality demands Manage to service levels & business goals Predict & manage across linked services Virtualized systems with access and resource pooling across a shared infrastructure Integration middleware connects processes Storage virtualization allows info sharing Manage virtualized infrastructure response to meet workload demands
End-to-end Virtualization Workload Virtualization Information Virtualization
Use server resources more effectively
Quickly adapt to changing workload and business requirements
Drive up utilization, achieve SLA
Automate selected admin functions to reduce complexity
Relieve load on backend data store
Improve transaction throughput & response time
Achieve near-linear scalability
Reduce or eliminate need for constant tuning
Consolidate resources into a single virtual pool
Improved asset utilization
Dynamically allocate processing capabilities
SOA Implications on Non-functional Requirements
Infrastructure and Services security —How do we secure services, and how does this affect my overall infrastructure security goals?
Systems performance —How will XML transformation, between our legacy and distributed systems, affect application performance?
Availability/Recoverability/Reliability —What happens if one of my services is unavailable? Where are my applications located, and what are my dependencies between my business partners? How do I restore and resynchronize any associated data and metadata to keep data consistency?
Scalability —How do I ensure that the infrastructure will grow in line with volumes?
Manageability —How do I manage my services to tell whether they are available and performing? How do I validate my applications and ensure that they are meeting business goals?
A dual path, for functional and Technical SOA adoption Strategy and Planing Design Implementation SOA Strategy Application Services Middleware Services Infrastructure Services Business Services SOA Governance and Project Management Test + Cutover Business Monitoring Infrastructure Roadmap Infrastructure Design Service Management Design Infrastructure Rollout Security Orchestration Virtualization Service Management and Monitoring Management Service Management Configuration Process Modeling Service Design Service Development Service ssembly
#1: <Bank> ESB PoC: Logical Architecture Service Registry & Governance (WSRR) Enterprise Service Bus (WESB + WMB) Business Process Management (WPS) WID : Websphere Integration Developer WMB : Websphere Message Broker WMB FE : WMB File Extender WTX : Websphere Transformation Extender File Handling (WMB FE) Interactive Applications (.Net) Back-End Applications (CICS/zSeries) Web Services Web Services BPEL Process Development (WID) Direct: Connect File Adapter WESB : Websphere Enterprise Bus (standalone or built-in WPS) WPS : Websphere Process Server WSRR : Websphere Registry & Repository Data Transformation Unit (WTX) Packaged Applications (ISVs) Web Services Adapters Phase 1
#2: <Telco> SDP PoC Caller ID Notification Service: “Call Control functionalities can route incoming calls to be presented (Caller ID) on the TV and the PC.”
#2: <Telco> SDP PoC SMS Voting : “This service enables voting while watching TV, using the mobile. Notification channels can be IPTV and the mobile.”
The role of IT Technical Architecture in SOA Projects: “An Elevator Pitch” The success of an SOA Project also requires the planned satisfaction of new requirements regarding Performance, Availability, Service Management, Security, and Virtualization on the underlying development, management, and production technical architectures. Moreover, an Enterprise SOA Architecture will require a well designed integration and connectivity architecture, with specific components, like the ESB, a BPM, and the services Registry; they are now a key part of the IT Infrastructure.
Thank You Merci Grazie Gracias Obrigado Danke Japanese French Russian German Italian Spanish Brazilian Portuguese Arabic Traditional Chinese Simplified Chinese Hindi Tamil Thai Korean