• Like

Loading…

Flash Player 9 (or above) is needed to view presentations.
We have detected that you do not have it on your computer. To install it, go here.

Paul Butterworth S O A Runtime Governance Practices

  • 392 views
Uploaded on

 

More in: Technology , Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
392
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
7
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. This Presentation Courtesy of the International SOA Symposium October 7-8, 2008 Amsterdam Arena www.soasymposium.com info@soasymposium.com Founding Sponsors Platinum Sponsors Gold Sponsors Silver Sponsors SOA Runtime Governance Practices Paul Butterworth Chief Technology Officer AmberPoint, Inc October 2008 1
  • 2. Agenda  SOA Topologies  SOA Runtime Governance Practices  Discover  Manage Service Quality  Manage Business Transactions  Prepare for greater scale  Validate changes Based on experiences with ~200 users © 2008 AmberPoint, Inc. 3 Typical Service Network Topology  Services not applications Internal Services  Shared Order Entry  Dynamic Accounting  Federated Partner Credit firewall Shared Services External Services © 2008 AmberPoint, Inc. 4 2
  • 3. Typical Service Network Infrastructure Appliance Web Service Network Java Service Biz Application Service Bus DBMS Biz Application Mainframe Application In all but the newest of environments, “SOA” ≠ “Just Web Services & XML” © 2008 AmberPoint, Inc. Keys to Successful Governance and Management of SOA Applications  Continuous SOA Discovery  Service Management & Security © 2008 AmberPoint, Inc. 6 3
  • 4. Keys to Successful Governance and Management of SOA Applications  Business  Architects & Development   Operations  Continuous SOA Discovery  Service Management & Security  Business Transaction Management  Business System Validation  Closed Loop Governance © 2008 AmberPoint, Inc. 7 Agenda  SOA Topologies  SOA Runtime Governance Practices  Discover  Manage Service Quality  Manage Business Transactions  Prepare for greater scale  Validate changes Based on experiences with ~200 users © 2008 AmberPoint, Inc. 8 4
  • 5. Discovery and Application Mapping  Dynamic Discovery of your SOA environment…  Application Flow & Transactions  Dependencies  Services  Consumers  Runtime Policies & Metadata  …across Heterogeneous Infrastructure  Containers  ESBs & Process Engines  Appliances Messaging Repositories  Registries / Repositories Home-grown  No application, message or Service Databases Registries header modifications  Closes the loop with design time Intended Design governance Running Reality A complete accounting of your SOA application environment © 2008 AmberPoint, Inc. 9 Hybrid Discovery Model Software Development Tools Policies Discovers Service Management Development • Approved Services Tools • Intended Usage service Xact Management contract • Policies Home-grown Repositories/ Databases Registries Enterprise Service Bus System Validation Closed Loop Governance Publishes Runtime • Services (discovered, changes) Data / Results Repository • Scorecard Information • Policies (new, changes)  Publishes Design Reality  Changes to services, endpoints and policies  Scorecard metrics – availability, performance, etc. ?  Dependencies vs. ?  Detects discrepancy between intentions (design/dev) and reality (runtime) ? Ensures Closed Loop Governance © 2008 AmberPoint, Inc. 5
  • 6. Detailed Metadata of Your SOA Environment  Operational Info:  When service was discovered  Availability  Type of service  Type of container  Link to WSDL Operational Info  Business Info:  Business owner  Division  Version  Etc. Custom: Business Info  Chargeback info  Risk assessment  Links to URL‟s  Etc. © 2008 AmberPoint, Inc. 11 Agenda  SOA Topologies  SOA Runtime Governance Practices  Discover  Manage Service Quality  Manage Business Transactions  Prepare for greater scale  Validate changes © 2008 AmberPoint, Inc. 12 6
  • 7. Service Quality Management Graphical View Table View Filters Detail  Monitor Performance & Availability  Monitor Security  Trends, thresholds, varying intervals, etc.  Respond to anomalies  Isolate areas of interest  Recent additions  “Rogue” services  Problem areas  Specific application groups © 2008 AmberPoint, Inc. 13 Service Level Management Service- and Business-level Visibility Service View User Summary and Objectives Alerts Historical Reporting  Enforce agreements based on business criteria  Flexible calendars, multiple objectives  Granular visibility – groups, users, services, operations  Preventative and corrective actions © 2008 AmberPoint, Inc. 7
  • 8. Security First- and Last-Mile Enforcement First Mile Security Extensive Integration - Client-side agent - Identity Management - Automatic Systems enforcement of out- - Security Appliances bound security - App Server / ESB / OS Security Identity Management Systems <?xml version='1.0'?> <PaymentInfo xmlns='http://example.org/paymentv2'> <Name> env:Fault> <Name>John Smith</Name> <Encrypted <EncryptedData Unknown Servic Type='http://www.w3.org/2001/04/xml enc#Element' Type='http "urn:ups-shipping xmlns='http://www.w3.org/2001/04/x mlenc#'> <CipherDa Service Down Firewall <CipherData> <Cipher server:8192/e <CipherValue>A23B45C56</Cipher Value> </Ciphe /soapenv: </CipherData> </EncryptedData> </PaymentInfo> Complete Policy Last Mile Security Library - Plug-ins provide endpoint - Authentication protection - Authorization - No ability to circumvent - Credential Mapping - Censorship - Crypto © 2008 AmberPoint, Inc. 15 Agenda  SOA Topologies  SOA Runtime Governance Practices  Discover  Manage Service Quality  Manage Business Transactions  Prepare for greater scale  Validate changes © 2008 AmberPoint, Inc. 16 8
  • 9. Business Transaction Management Managing Individual Services is Not Enough  Real business value is associated with complete, end-to-end End-to-End transactions  Order management  Claims processing  Sales lead qualification Process Engine Service Bus  On-line reservations  Common Issues...  No overall view into transaction status Technical Challenges  Minimal business visibility  Transactions flow through both  Slow end-to-end response times service and non-service based components  Transactions "disappear"  Services  Applications  Business Impact  ESBs  Internal fire drills and finger  Process Engines pointing  Databases  Variety of architectures  Unhappy customers  Synchronous and asynchronous  Lost revenue messaging  Long running transactions – hours, days, ... © 2008 AmberPoint, Inc. 17 Business Transaction Management Monitoring Performance, Availability & Service Level Agreements Business Groups  Platinum, Gold, etc.  Accounting, Shipping, etc. Transaction Performance & Availability Consumer Service SLA’s Level Violations Historical Reporting End-to-End  Enforces agreements in real time  Enables preventative Process Engine Service Bus and corrective actions  Not just reporting violations after its too © 2008 AmberPoint, Inc. late 18 9
  • 10. Business Transaction Management Business Instrumentation Consumer SLA’s Business Instrumentation Business Groups  Track business value flowing through the system  Track revenue, total orders, etc.  Can customize instrumentation and dashboards © 2008 AmberPoint, Inc. 19 Business Transaction Management Real-time Detection of Exceptions  Handles Technical and Business Exceptions  Stalled transactions, missing steps, error messages  Incorrect data values, boundry conditions, etc.  User-defined Exception Policies Rejected Order  What to look for – leverage message Alert content  Action to take – notify, intervene, etc © 2008 AmberPoint, Inc. 20 10
  • 11. Agenda  SOA Topologies  SOA Runtime Governance Practices  Discover  Manage Service Quality  Manage Business Transactions  Prepare for greater scale  Validate changes © 2008 AmberPoint, Inc. 21 Runtime Policy Enforcement: Service Virtualization  Abstracts service changes and versions behind a published „façade‟ (a „virtual‟ service)  Enables endpoint routing, load-balancing, failover, transformations etc. Before After • Sees simpler interface • Service changes don’t show through. Service Service Virtual •Load balance A B •Route Svc •Transform (PEP) •Version OrderLookup ScheduleShip ChangeDate ChangePrior Service Service ChangeQty LookupETA A B OrderLookup ScheduleShip ChangeDate ChangePrior ChangeQty LookupETA © 2008 AmberPoint, Inc. 11
  • 12. Automatic Policy Provisioning  Policies with a “where clause”  Automatically applies policies based on dynamic attributes and message content.  All production services  All services in Accounting application  All services deployed in WebLogic containers  User-defined attributes for services, containers & policies  Assignments are reevaluated as attributes change One-at-a-Time Approach Profile Based Approach p1 p1 p1 p50 Logging all services s1 Security where Load-Bal where deployed s2 Encryption “Accounting” Weighted on .NET app servers s3 100 svcs x 50 policies s1 s5 5,000 s3 s6 policy points s2 s4 s100  Can manage system on “autopilot” where policies are automatically assigned as appropriate.  Eliminates production mistakes by reducing manual steps. © 2008 AmberPoint, Inc. Agenda  SOA Topologies  SOA Runtime Governance Practices  Discover  Manage Service Quality  Manage Business Transactions  Prepare for greater scale  Validate changes © 2008 AmberPoint, Inc. 24 12
  • 13. Business System Validation Distributed Components and Reuse Puts Business Systems at Risk Development Staging Production “Approved” Process Engine Service Bus Design Development QA  Impact of any changes ripple throughout the system  Real impact of planned changes is hard to predict  Impact of unplanned or unannounced changes can be devastating  Yet, most SOA environments find it impossible to setup and replicate all dependent systems for testing elsewhere  And, new use and reuse creates blind spots in preproduction procedures Need to Validate Integrity of the Entire System Before Installing Changes © 2008 AmberPoint, Inc. 25 25 Validate Impact on Dependent Systems  Acceptance testing of pending changes to SOA Validation Checklist environment : Capacity Adequate  New Versions of Services : Security Policies Functioning  Policy Changes : WS-I Compliant  Bug Fixes Unexpected Deviation for  Infrastructure Patches, etc. B2B Partner Usage  Uses knowledge of dependencies and observed interactions  Simulates services that Development Staging Production can’t be replicated in pre-production environments  External services  Fee-based services Process Engine Service Bus  Gives Staging and Operations a final check before deploying changes The “Preflight Check” for SOA Systems © 2008 AmberPoint, Inc. 26 26 13
  • 14. Q&A Paul Butterworth pbutterworth@amberpoint.com www.amberpoint.com 510.663.6300 27 14