Enterprise Service Bus at DOL


  • 1. DOL SOA IMPLEMENTATION: DOL SOA Implementation Overview, August 25, 2008
  • 2. Infrastructure Overview
  • 3. P570 Hardware Virtualization and LPARs
  • 4. Installed Software
     Hardware: Data Center 1 (Location 1) hosts p570-SN10EC3CD and Data Center 2 (Location 2) hosts p570-SN10EC3BD; each is a Power5+ frame with Max CPUs: 16, Owned: 16, Memory: 48, and two Virtual I/O Servers (VIOS 1, VIOS 2). Legend: Production, Staging, System.
     LPARs and their software stacks, present in both data centers:
       • IBM HTTP Server: AIX 5.3 & IBM HTTP Server 6.1.0.13
       • WebSphere Application Server: AIX 5.3 & WAS-ND 6.1.0.13 (AIX 5.3 & WAS 6.1.0.13 on some LPARs)
       • WebSphere Process Server: AIX 5.3, WAS-ND 6.1.0.13 & WPS 6.1.0.1
       • WebSphere Service Registry and Repository: AIX 5.3, WAS-ND 6.1.0.13 & WSRR 6.1.0.2
       • WebSphere Message Broker: AIX 5.3 & WMB 6.1.0.2
       • WebSphere Federation Server: AIX 5.3 & WFS 9.1
       • WebSphere IICE Server: AIX 5.3, WAS-ND 6.1.0.13 & IICE 8.4
  • 5. Global Load Balancing and Software Clustering
  • 6-18. Diagram-only slides: slide 7 repeats the Installed Software table of slide 4; the others carry no transcript text.
  • 19. Enterprise Architecture Overview
  • 20. SOA, ESB and BPEL
     SOA: Service Oriented Architecture is a business-centric IT architectural approach that supports integrating the business as linked, repeatable business tasks, or services.
     ESB: Enterprise Service Bus is an architectural pattern for integrating and managing services, not a software product. An ESB can be formed from different software products, leveraging the specific functionality of each to meet particular requirements.
     BPEL: Business Process Execution Language is a standards-based way of orchestrating a business process composed of services.
     The NYSDOL enterprise architecture implements SOA on top of an ESB, so that we get the virtues of SOA with room to grow. We have also added BPEL to the ESB (Process Server) so that new services can easily be composed out of existing ones.
  • 21. ESB or BPEL?
     ESB: message routing, message transformation, protocol mediation, stateless transactions, integration middleware for off-the-shelf products, security, logging, auditing, excellent performance, data-centric requirements.
     BPEL: stateful long-running business processes or transactional microflows, human tasks, business rules, complex logic, process-centric requirements.
     ESB pattern: ours is the Gateway ESB pattern, which provides a single controlled point of external access to services. The gateway/router is currently implemented as a message flow (a program) in Message Broker, separate from the hub where the services themselves are exposed.
  • 22. NYSDOL Enterprise Architecture for SOA based Applications (diagram)
     Consumers: internal and external agencies and external users, as Web service clients or browsers, over HTTP(S).
     Edge: all external Web service requests (1) go to the Web Server, which consults the Policy and the LDAP server; service requests (2) continue as SOAP/HTTP.
     Gateway (Message Broker ESB): receives the request, looks up the endpoint and policy, and routes it. It is separate from the Hub, where process services and legacy and other services are exposed as Web services together with a common logging service.
     WebSphere Application Server is called asynchronously over MQ or HTTP(S).
     WebSphere Process Server (PS1, PS2): a generic mediation module looks up the services used in a process; the process services are described by WSDL / E-WSDL (exposed on WMB) and carry WS-Policies.
     WebSphere Service Registry and Repository: lookup to find endpoints for services and workflow policies.
     Backends over MQ: Oracle common database, logging database, mainframe, PeopleSoft, Content Manager, Xpressions.
     Note: Web services are not exposed with E-WSDL in Message Broker; instead they are invoked either by Process Server (by BPEL in a choreography) or by Message Broker (composite or simple services).
  • 23. Major Security Considerations in SOA
     SOA introduces new security challenges: it lowers the barriers between applications (composite services are formed from existing and new applications) and overcomes technology differences, because interoperability is the key goal of SOA. Some of the new requirements for SOA security:
       • Identity must be decoupled from the services. All entities in an SOA have identities (users, services, and so on) that need to be properly identified so that the appropriate security controls can be applied.
       • The need to connect seamlessly to other organizations on a real-time, transactional basis. Each new choreography may require re-examination of the security policy to ensure it remains valid for that new combination of services.
       • The need to manage identity and security across a range of systems and services implemented in a diverse mix of new and old technologies.
       • Protection of business data in transit and at rest. End-to-end message security is a key requirement, because messages traverse different transport mechanisms and trust zones.
       • In addition, access to information (and systems) must be granted based on business drivers.
  • 24. Security Aspects for SOA
     Functional aspects:
       • Authentication: verifying the identity of users.
       • Authorization: deciding whether or not to permit an action on a resource.
       • Data confidentiality: protecting the secrecy of sensitive data.
       • Data integrity: detecting tampering with data.
       • Non-repudiation: making sure neither the sender nor the receiver can deny the message they sent or received.
       • Protection against attacks: making sure attackers do not gain control over applications.
       • Privacy: making sure the application does not violate the privacy of users.
       • Audit: important events need to be logged and available for real-time or later forensic review.
     Non-functional aspects:
       • Interoperability: specific to SOA; different security solutions must not break the compatibility of services that are otherwise compatible.
       • Manageability: with many different services to protect, the security solution must be easy to manage.
       • Ease of development: the security solution must be easy enough to adopt and implement.
       • Availability: the security solution must not impact the availability of the services.
  • 25. Layered SOA and Security: a layered SOA requires all of these security elements to be present in each layer, across infrastructure, application, business services and development services.
  • 26. New Security Approaches for SOA
     Message-level security: different parts of a message can be protected differently, so that each part is usable only by the intended parties along the message path (transport-level security, by contrast, ends at every hop).
     Security as a service: the security service is central, not part of any one application, and can evolve in line with business needs. It offers applications the ability to authenticate, authorize, encrypt/decrypt messages, sign/verify signatures and log messages.
     Policy-driven security: security requirements must not be hard-wired into the applications or services themselves. Instead they are separated from the business logic and declared as policies, which may be business, architectural or operational policies.
  • 27. DataPower for SOA Security
     DataPower SOA security appliances are purpose-built, easy-to-deploy network devices. They provide:
       • Integrated message-level security (WS-Security, WS-Policy, WS-SecurityPolicy, WS-ReliableMessaging, WS-SecureConversation, WS-Trust, SAML and LDAP).
       • Detailed logging and an audit trail.
       • Dynamic content generation and content-based routing at wire speed.
       • Protection against XML vulnerabilities by acting as an XML proxy: XML well-formedness checks, buffer-overrun checks, XML schema validation, XML filtering and XML denial-of-service (XDoS) protection.
       • Centralized security functions, acting as the enterprise-wide single security-enforcement point for XML and Web services transactions.
       • Integration with WSRR and with other policy decision points such as LDAP and the SiteMinder Policy Server.
       • Service-level management, policy management and Web services management support.
  • 28. NYSDOL Security Architecture for SOA based Applications (diagram)
     Consumers: internal and external agencies and external users (Web service clients and browsers); all external Web service requests arrive as SOAP over HTTP(S).
     Web Server (1): authenticates and authorizes XML requests (HTTP basic auth today; X.509 / Kerberos / digital certificates / SAML, SiteMinder, etc. are options), passes all authenticated requests on to the XI50, and logs unauthenticated requests (optionally with notification).
     Web Services Gateway, DataPower XI50 (1a, 2): XML threat detection; decryption of incoming and encryption of outgoing messages; message-level security; finer-level authorization against the Policy and the LDAP server; XML validation and XML acceleration; audits, exception logging, notification and routing; generation of LTPA tokens and SAML assertions for communication with the service providers and backends.
     Service requests (SOAP/HTTP(S)) then go, carrying LTPA, to WebSphere Application Server and to the WebSphere Service Registry and Repository (WSDL, XSD, WS-Policies), and on to the Message Broker ESB and WebSphere Process Server over MQ or HTTP(S).
     Backends over MQ: Oracle database, mainframe, PeopleSoft, Content Manager, Xpressions.
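The message-level and policy-driven controls of slides 26 and 28 (XML threat detection, authentication of XML requests, tokens that survive replay) shown in working form, as an added example that is not code from the NYSDOL deck or from DataPower: a Python gateway stage that first bounds message size and nesting depth and refuses any DTD, and only then verifies a WS-Security UsernameToken in PasswordDigest form with a freshness window and a nonce replay cache. The policy values, the credential store, the service name in the body and every message are constructed for the example; in the deck's design the policy would come from WSRR and the credentials from LDAP.

```python
"""Policy-driven gateway checks: XML threat filtering, then WS-Security UsernameToken (PasswordDigest)
verification with freshness and replay checks. Added example, not the NYSDOL deck's code; the policy
values, credential store and every message here are constructed."""
import base64
import hashlib
import hmac
import time
import xml.etree.ElementTree as ET
import xml.parsers.expat
from datetime import datetime, timezone

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
PWD_DIGEST = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"
# Hypothetical policy values; in the deck's design they would be declared in WSRR, not hard-wired here.
POLICY = {"max_bytes": 64 * 1024, "max_depth": 32, "max_skew_seconds": 300}

class GatewayReject(Exception):
    """Any request the gateway refuses to forward."""

def xml_threat_check(raw, policy=POLICY):
    """XDoS / well-formedness stage: bound size and nesting depth, and refuse every DTD (the
    entity-expansion vector) before any business parser touches the input."""
    if len(raw) > policy["max_bytes"]:
        raise GatewayReject("message too large")
    depth = [0]
    def on_doctype(*_):
        raise GatewayReject("DTD/entity declarations not allowed")
    def on_start(_name, _attrs):
        depth[0] += 1
        if depth[0] > policy["max_depth"]:
            raise GatewayReject("element nesting too deep")
    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.EndElementHandler = lambda _name: depth.__setitem__(0, depth[0] - 1)
    try:
        parser.Parse(raw, True)
    except xml.parsers.expat.ExpatError as exc:
        raise GatewayReject(f"malformed XML: {exc}") from exc

def password_digest(nonce_b64, created, password):
    """UsernameToken profile 1.0: Base64(SHA-1(nonce + created + password))."""
    material = base64.b64decode(nonce_b64) + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(material).digest()).decode()

def make_request(user, password, created, nonce):
    """Client side: a SOAP request whose header carries a UsernameToken with a digest password."""
    nonce_b64 = base64.b64encode(nonce).decode()
    return ('<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header>'
            f'<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}"><wsse:UsernameToken>'
            f'<wsse:Username>{user}</wsse:Username><wsse:Password Type="{PWD_DIGEST}">'
            f"{password_digest(nonce_b64, created, password)}</wsse:Password><wsse:Nonce>{nonce_b64}"
            f"</wsse:Nonce><wsu:Created>{created}</wsu:Created></wsse:UsernameToken></wsse:Security>"
            '</soap:Header><soap:Body><GetEmployerProfile xmlns="urn:example"/></soap:Body></soap:Envelope>').encode()

class UsernameTokenVerifier:
    """Gateway side: threat checks first, then token freshness, replay and digest checks."""
    def __init__(self, credentials, policy=POLICY, now=time.time):
        self.credentials = credentials  # user -> password; stands in for the LDAP lookup
        self.policy, self.now = policy, now  # injectable clock keeps the demo deterministic
        self.seen_nonces = {}  # nonce -> expiry time; the replay cache

    def verify(self, raw):
        xml_threat_check(raw, self.policy)
        tok = ET.fromstring(raw).find(f".//{{{WSSE}}}UsernameToken")
        if tok is None:
            raise GatewayReject("no UsernameToken")
        user, nonce = tok.findtext(f"{{{WSSE}}}Username"), tok.findtext(f"{{{WSSE}}}Nonce")
        created, pw = tok.findtext(f"{{{WSU}}}Created"), tok.find(f"{{{WSSE}}}Password")
        if not (user and nonce and created) or pw is None or pw.get("Type") != PWD_DIGEST:
            raise GatewayReject("token incomplete or not PasswordDigest")
        now = self.now()
        issued = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc).timestamp()
        if abs(now - issued) > self.policy["max_skew_seconds"]:
            raise GatewayReject("token expired or clock skew too large")
        self.seen_nonces = {n: exp for n, exp in self.seen_nonces.items() if exp > now}  # drop expired
        if nonce in self.seen_nonces:
            raise GatewayReject("replayed nonce")
        expected = password_digest(nonce, created, self.credentials.get(user, ""))
        # Constant-time compare and one generic failure message, so callers cannot enumerate users.
        if user not in self.credentials or not hmac.compare_digest(expected.encode(), (pw.text or "").encode()):
            raise GatewayReject("authentication failed")
        self.seen_nonces[nonce] = now + self.policy["max_skew_seconds"]  # each nonce is accepted once
        return user

def outcome(gw, msg):
    try:
        return "accepted:" + gw.verify(msg)
    except GatewayReject as exc:
        return str(exc)

def demo():
    created = "2008-08-25T14:00:00Z"
    clock = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc).timestamp() + 10
    gw = UsernameTokenVerifier({"taxsvc": "s3cret"}, now=lambda: clock)
    good = make_request("taxsvc", "s3cret", created, b"0123456789abcdef")
    return {"valid": outcome(gw, good), "replay": outcome(gw, good),  # same message twice
            "bad_password": outcome(gw, make_request("taxsvc", "wrong", created, b"fedcba9876543210")),
            "stale": outcome(gw, make_request("taxsvc", "s3cret", "2008-08-25T12:00:00Z", b"9876543210fedcba")),
            "dtd": outcome(gw, b'<!DOCTYPE x [<!ENTITY a "aaaa">]><r>&a;</r>'),
            "malformed": outcome(gw, b"<soap:Envelope><soap:Body></soap:Envelope>")}
```

Two caveats a practitioner would check before relying on this: the digest binds the password to a nonce and a timestamp, so its strength is exactly the freshness window plus the replay cache, and the cache must be shared across gateway instances or a replay will succeed on the instance that did not see the first copy; and PasswordDigest provides no confidentiality at all, so the token still belongs behind TLS or the encryption/decryption stage the slide assigns to the gateway.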
  • 29. Service Development Overview
  • 30. Service development stack (diagram): a thin client (Web browser) sends an HTTP request to the servlet container and receives an HTTP response; JSF pages call Java/J2EE business objects; the business objects reach the service mediation / integration layer (Message Broker and the Enterprise Service Bus) over JMS or SOAP; the service providers behind it are the Employer Profile Service, the Address Service and the Employer Tax Rate Service.
  • 31. Integration Overview
  • 32. Message Broker Error and Exception Handling: ESB Router Flow, JNDI names and properties
       • jms/cf/ESB_QM (connection factory): Host, Port and Channel (values left blank on the slide)
       • jms/queue/ESB.ROUTER.REQUEST: Qname: ESB.ROUTER.REQUEST
       • jms/queue/ESB.REPLY: Qname: ESB.REPLY
     The router flow resolves providers through WSRR.
  • 33-34. Diagram-only slides; no transcript text.
  • 35. Router Overview
  • 36. ESB Router (diagram): the WMB ESB Router sits between service consumers and service providers and exposes one port per protocol, a SOAP/HTTP port (S) and an XML/WMQ port (X). Every combination is routed: S-S, S-X, X-S and X-X. Provider endpoints are resolved from WSRR.
       • Decouple service consumers and service providers.
       • Provide a set of ports, each associated with a specific protocol.
       • Route to any service provider using any protocol.
  • 37. ESB Router, HTTP
     1. A service consumer sends a SOAP request message over HTTP to the ESB.
     2. The ESB Router looks up the requested service provider in WSRR.
     3. The ESB routes the request to the service provider, which is either
        3.1 listening for SOAP requests over HTTP, or
        3.2 listening for XML requests over WMQ/JMS.
  • 38. ESB Router, WMQ
     1. A service consumer sends an XML message over WMQ to the ESB.
     2. The ESB Router looks up the requested service provider in WSRR.
     3. The ESB routes the request to the service provider, which is either
        3.1 listening for SOAP requests over HTTP, or
        3.2 listening for XML requests over WMQ/JMS.
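The router of slides 36-38 in executable form, added here as an example and not code from the NYSDOL deck or from WebSphere Message Broker: a dictionary stands in for the WSRR lookup, two callables stand in for a SOAP/HTTP provider and an XML/WMQ provider, and the router bridges all four combinations (S-S, S-X, X-S, X-X) by wrapping or stripping the SOAP envelope as needed. The routing convention (the payload root's namespace urn:nysdol:<ServiceName> names the service), the service names, the endpoints and the messages are all constructed for the example.

```python
"""Gateway/Router ESB pattern: registry lookup (WSRR stand-in), one port per protocol and
SOAP<->XML mediation so any consumer reaches any provider. Added example, not the NYSDOL
deck's code; the namespace convention, service names, endpoints and providers are constructed."""
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SOAP, WMQ = "SOAP/HTTP", "XML/WMQ"
SERVICE_URN = "urn:nysdol:"  # constructed convention: the payload namespace names the service

def wrap_soap(payload):
    """X-S mediation: place a bare XML payload inside a SOAP 1.1 envelope."""
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    ET.SubElement(env, f"{{{SOAP_NS}}}Body").append(ET.fromstring(payload))
    return ET.tostring(env)

def unwrap_soap(envelope):
    """S-X mediation: return the single payload element carried in the SOAP Body."""
    body = ET.fromstring(envelope).find(f"{{{SOAP_NS}}}Body")
    if body is None or len(body) != 1:
        raise ValueError("SOAP Body must carry exactly one payload element")
    return ET.tostring(body[0])

def service_name(payload):
    """Routing key: the service named by the payload root's namespace."""
    tag = ET.fromstring(payload).tag
    ns = tag[1:].split("}", 1)[0] if tag.startswith("{") else ""
    if not ns.startswith(SERVICE_URN):
        raise LookupError(f"no service namespace on {tag}")
    return ns[len(SERVICE_URN):]

def employer_profile_provider(envelope):
    """Constructed SOAP/HTTP provider: SOAP in, SOAP out."""
    ein = ET.fromstring(unwrap_soap(envelope)).findtext(f"{{{SERVICE_URN}EmployerProfileService}}EIN")
    return wrap_soap(f'<GetEmployerProfileResponse xmlns="{SERVICE_URN}EmployerProfileService">'
                     f"<Name>Employer {ein}</Name></GetEmployerProfileResponse>".encode())

def address_provider(payload):
    """Constructed XML/WMQ provider: bare XML in, bare XML out, no envelope."""
    zip_code = ET.fromstring(payload).findtext(f"{{{SERVICE_URN}AddressService}}Zip")
    return (f'<LookupAddressResponse xmlns="{SERVICE_URN}AddressService">'
            f"<City>Albany</City><Zip>{zip_code}</Zip></LookupAddressResponse>").encode()

# WSRR stand-in: service -> (provider protocol, endpoint). Only what is registered is reachable.
REGISTRY = {"EmployerProfileService": (SOAP, "http://hub.example.invalid/EmployerProfile"),
            "AddressService": (WMQ, "ESB.ADDRESS.REQUEST")}
# Transport stand-ins: endpoint -> callable that delivers to the provider and returns its reply.
PROVIDERS = {"http://hub.example.invalid/EmployerProfile": employer_profile_provider,
             "ESB.ADDRESS.REQUEST": address_provider}

class EsbRouter:
    """Controlled point of access: every request is resolved through the registry and bridged
    to the provider's protocol; an unregistered service never reaches any backend."""
    def __init__(self, registry, providers):
        self.registry, self.providers = registry, providers
        self.audit = []  # stand-in for the common logging service

    def route(self, inbound, message):
        payload = unwrap_soap(message) if inbound == SOAP else message
        svc = service_name(payload)
        if svc not in self.registry:
            self.audit.append((inbound, svc, "REJECTED"))
            raise LookupError(f"{svc} is not registered in WSRR")
        proto, endpoint = self.registry[svc]
        request = wrap_soap(payload) if proto == SOAP else payload  # mediate to provider protocol
        reply = self.providers[endpoint](request)
        reply_payload = unwrap_soap(reply) if proto == SOAP else reply
        self.audit.append((inbound, svc, f"{proto} {endpoint}"))
        return wrap_soap(reply_payload) if inbound == SOAP else reply_payload  # mediate back

def demo():
    """Drive all four protocol combinations plus one unregistered service."""
    router = EsbRouter(REGISTRY, PROVIDERS)
    profile = f'<GetEmployerProfile xmlns="{SERVICE_URN}EmployerProfileService"><EIN>12-3456789</EIN></GetEmployerProfile>'.encode()
    address = f'<LookupAddress xmlns="{SERVICE_URN}AddressService"><Zip>12240</Zip></LookupAddress>'.encode()
    out = {"S-S": router.route(SOAP, wrap_soap(profile)),
           "S-X": router.route(SOAP, wrap_soap(address)),
           "X-S": router.route(WMQ, profile),
           "X-X": router.route(WMQ, address)}
    try:
        router.route(WMQ, f'<Dump xmlns="{SERVICE_URN}PayrollDbService"/>'.encode())
    except LookupError as exc:
        out["unregistered"] = str(exc)
    return out, router.audit
```

The security property is in `route`: a consumer can only name a service, never an endpoint, and anything absent from the registry is refused and logged before any transport is touched, which is what makes the gateway a controlled point of access rather than a forwarder. The same place is where the real router would apply the WS-Policy attached to the service in WSRR.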
  • 39. Process Server Overview
  • 40. Business Process: a business process is a sequential flow of execution paths described in WS-BPEL (Web Services Business Process Execution Language), including which services are invoked, in which order they are invoked, and how the output data of one service is transformed into the input of another.
  • 42. Benefit Charges Adjustment process assembly (diagram): the Benefit Charges Adjustment process orchestrates composite services, so it acts as both a service provider and a service consumer; it consumes the ExperienceRatingAccount service and the UITaxRateCalcRunner service, each a service provider.
  • 43. Benefit Charges Adjustment Process BPEL (diagram only)
  • 44. Mediation flow assembly for WSRR lookup: the WPS_WSRR_TXRateMediation module looks up services in WSRR using the lookup node. The lookup node retrieves the service endpoints and sends the request to the appropriate service.
  • 45. Error & Exception Handling Overview
  • 46. Error and Exception Handling Framework
  • 47. Error and Exception Handling Framework (proposed for NYDOL; diagram)
     Components: the Enterprise Service Bus with its input and output queues and an external-application listener, the Message Broker error-handling flows, the MB Exception Policy & Action properties file, an exception database, a retry queue, an error queue, a console, and the support team.
     Flow as numbered on the diagram:
     1. An exception is detected in a process.
     2.1. The error-handling flows check the exception rules (MB Exception Policy & Action).
     2.2. The exception is logged to the exception database.
     3. Notification is sent (email, pager).
     4. The retry rules are checked against the exception.
     5. Retryable messages go to the retry queue for automatic retry.
     6. Messages that cannot be retried go to the error queue.
     7.1. If the data is correct but the exception was due to a systematic cause or condition (database, application, adapter), the message is re-submitted after the condition has been corrected, using the error properties.
     7.2. If the exception is data related, an application support team member reviews the exception (via the console) and decides how to re-issue or compensate the transaction.
     8. The message is re-submitted, or the transaction is resolved/compensated.
     Error Properties & Action: a properties file containing the retry logic and the action information for each error.
  • 48. WSRR Overview
  • 49. WebSphere Service Registry and Repository
     Publish: add new services that are available and can be managed
       • WSDL
       • XSD (business objects)
     Find: search for services using any metadata associated with the service
       • endpoint lookup
       • version of the service
     Enrich: enhance services with useful artifacts
       • service availability
       • policy enforcement
       • notify users of changes
  • 50. WebSphere Service Registry and Repository (cont'd)
     Manage: manage the lifecycle of services in the registry
       • enabling access control
       • promote/retire
       • change analysis through impact analysis
     Govern: provide a central point of overall governance
       • WPS, ESB, developer tools (RAD, WID, RSA, WBM)
       • Delete, Retrieve, Update, Manage/Govern, Create
  • 51. WebSphere Service Registry and Repository (to be)
     1. For service providers
       • Manage multiple life cycles across the stages of development: Development, Test, Staging, Production
       • Register: define the whole process (for external users of WSRR)
       • Provide metadata: Endpoint, Service Name, Port Type, Cost
       • What? What does the service do? What are the capabilities of the service?
     2. Contracts
       • Private
       • Production
       • Public