Thomas Rischbeck Intermediary Continuum

1,322 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,322
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
15
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Thomas Rischbeck Intermediary Continuum

  1. 1. This Presentation Courtesy of the International SOA Symposium October 7-8, 2008 Amsterdam Arena www.soasymposium.com info@soasymposium.com Founding Sponsors Platinum Sponsors Gold Sponsors Silver Sponsors
  2. 2. [21.10.2008] SOA Intermediary Continuum Dr. Thomas Rischbeck 2008-10-08, 10:00 SOA Symposium Amsterdam [innovation process technology inc.] [www.ipt.ch] Confusion in the Marketplace You might know this book cover … [©2008 ipt | switzerland] [page 2] [©2002 ipt | switzerland germany austria] [seite 1]
  3. 3. [21.10.2008] The Fossil Record: ESB Development Paths MOM-based MOM: publish-subscribe, loose coupling MOM ESB via queues, JMS API EAI: Adapters, promise of universal connectivity, QoS, transaction management EAI Integration WS: WS-platform/management vendors; Suites platform-independent standards for SOA: WS-P XML, WSDL, SOAP, UDDI, HTTP WS-M Pure-WS ESB APS: embedded ESB APS Open Source + ESB XML appliances APS Open RISK: Consolidation pressure puts Source long-term viability of vendors at risk XML Appliances Source: IEEE Computer Archeology [©2008 ipt | switzerland] [page 3] What is an ESB? IDC: The ESB is an open standards-based technology concept that will revolutionize IT and enable flexible and scalable distributed computing for generations to come. EAI++ ESB is just a Pattern - Zapthink: „message-bus with IBM service-oriented interfaces“ Cali-Mero Fio-Rano MOM++ An enterprise platform that implements standardized interfaces for communication, connectivity, transformation, and security.”- Fiorano Software A standards-based integration backbone, combining messaging, Web services, transformation, and intelligent routing (2004) - Sonic Software low-cost lightweight alternative to traditional integration middleware - Gartner [©2008 ipt | switzerland] [page 4] [©2002 ipt | switzerland germany austria] [seite 2]
  4. 4. [21.10.2008] Gartner Hype Cycle [©2008 ipt | switzerland] [page 5] What is an ESB? Convergence Consolidation Commodity Competition [©2008 ipt | switzerland] [page 6] [©2002 ipt | switzerland germany austria] [seite 3]
  5. 5. [21.10.2008] Can ESB be standardized? The JBI Attempt … “Middleware for Middleware” Targeted at integration component vendors Java-only Sun Iona Tibco Open Source (Redhat, WS02,ServiceMix, Mule) [©2008 ipt | switzerland] [page 7] Vendor-specific Portal Tier Portlet Web App WLP Order Management Process Tier Process WLI Service Security Services Registry AquaLogic Enterprise Security Service Registry Services Routing AquaLogic Service Service Integration/Routing Bus Service Data Services Service Registry Registry AquaLogic Data Services Platform Inventory Billing Management Service Registry AquaLogic Service Registry End-to-end Web Data Services Oracle Mainframe .Net ERP Warehouse Management [©2008 ipt | switzerland] [page 8] [©2002 ipt | switzerland germany austria] [seite 4]
  6. 6. [21.10.2008] Reference Architecture Access/Client Client Browser Rich Client Tier Access XML Appliance Reverse Proxy Portal HTML Presentation App / Web Server Process Orchestration – Process Services Monitoring (End-to-End) Integration ESB – Enterprise Services Middle Shared Identity Security Domain Domain Services Tier Services Mgmt Business Services BRMS … Business Logic Applications … … Registry/ Data Enterprise Information Repository Data Access Services Integration Data Operational Data Storage Base Data Tier Data Exploitation Data DWH Mart [©2008 ipt | switzerland] [page 9] Reference Architecture Access/Client Client Browser Rich Client Tier Access XML Appliance Reverse Proxy Portal HTML Presentation App / Web Server Process 1 Orchestration – Process Services 2 Monitoring (End-to-End) Integration ESB – Enterprise Services Middle Shared Identity Security Domain Domain Services Tier Services Mgmt Business Services BRMS … Business Logic Applications … … Registry/ Data Enterprise Information Repository Data Access Services Integration Data Operational Data Storage Base Data Tier Data Exploitation Data DWH Mart [©2008 ipt | switzerland] [page 10] [©2002 ipt | switzerland germany austria] [seite 5]
  7. 7. [21.10.2008] ESB Product Types [innovation process technology inc.] [www.ipt.ch] Do you really need an SOA Intermediary? SOAP as enterprise messaging backbone Dumb Network, Intelligent Endpoints SOAP as unified messaging format WS* subsumes ESB functionalities: Reliable Delivery (WS-RM, WS-RX) Transactions (WS-T, WS-BA) Security (WSS) Central Registry But: Configuration? Departmentalized Security? Source: Jim Webber, Thoughtworks Service Sprawl? Monitoring? APS with Integration Stand-alone WS-pureplay XML Appliances P2P SOAP, bundled ESB Suites ESB ESB No ESB [©2008 ipt | switzerland] [page 12] [©2002 ipt | switzerland germany austria] [seite 6]
  8. 8. [21.10.2008] XML Level Threats WS “tunnel” through the firewall, allow direct A2A interaction This opens up Pandorra’s box External Internal Payload Size Service Client Recursive Payload Service XML Schema Poisoning XML/HTTP Corporate Firewall Service Client WSDL Scanning Service SQL/XQuery Injection Service Client Service DOS Attacks Service Client Replay Attacks Service Routing Attacks Malicious Binary Content Service Service Client Data Leaks [©2008 ipt | switzerland] [page 13] XML Appliances – TCP/IP Layers ISO/OSI layers TCP/IP model Sample protocols Devices 7 Application SOAP, XML XML Appliances 6 Presentation HTTP, HTTPS Content Service Switch Application FTP Layer 4-7 Switches 5 Session Telnet SMTP LDAP 4 Transport NTP 3 Network Transport TCP, UDP Router, Layer-3 Switch 2 Data Link Network IP, ICMP, IGMP, IPX Switches, Bridges Network Interface: 1 Physical Link Hubs, Repeaters Ethernet, Token Ring, FDDI APS with Integration Stand-alone WS-pureplay Applicances/ P2P SOAP, bundled ESB Suites ESB ESB XML firewalls No ESB [©2008 ipt | switzerland] [page 14] [©2002 ipt | switzerland germany austria] [seite 7]
  9. 9. [21.10.2008] XML Appliances XML Processing at Network Boundaries XML-Threat Prevention, Security DMZ Load Balancing, Routing Policy Management & Enforcem Finance Sales XML ASICs ESB1 ESB2 But: Asynchronous Delivery? IBM (ex DataPower) Layer7 Cisco (ex Reactivity) Forum Systems Intel (ex Sarvega) Vordel, Bridgewerx APS with Integration Stand-alone WS-pureplay Applicances/ P2P SOAP, bundled ESB Suites ESB ESB XML firewalls No ESB [©2008 ipt | switzerland] [page 15] ESB Products Stand-alone ESB Open Source ESB Mulesource Fiorano ESB WS02 (ex Synapse) Sonic ESB Redhat JBoss ServiceMix Iona Celtix WS-pureplay ESB Message Queueing (JMS, MOM) Blue Titan Network Director Persistence, Reliable Delivery Cape Clear 6 Server lightweight service containers Iona Artix multi-step processes PolarLake Messaging Integrator (some with BPEL) No native Messaging (JMS) APS with Integration Stand-alone WS-pureplay Applicances/ P2P SOAP, bundled ESB Suites ESB ESB XML firewalls No ESB [©2008 ipt | switzerland] [page 16] [©2002 ipt | switzerland germany austria] [seite 8]
  10. 10. [21.10.2008] Integration Suites Adapters for legacy applications Sterling Commerce Gentran Integration data transformation tools (EDI, etc) Suite Data reconciliation, multi-step process and Sun SeeBeyond ICAN Suite 5 composite transactions Tibco BusinessWorks Vitria BusinessWare webMethods Fabric Fujitsu Interstage IBM WebSphere Process Server Magic Software iBOLT Business Integration Suite APS with Integration Stand-alone WS-pureplay Applicances/ P2P SOAP, bundled ESB Suites ESB ESB XML firewalls No ESB [©2008 ipt | switzerland] [page 17] Application Platform Suites “All-in-one” BEA AquaLogic application server (service hosting) IBM WebSphere Microsoft WCF/Biztalk (+ESB Patterns) Portal, Embedded ESB Oracle SOA Suite/ Integration Suite equivalent Fusion Middleware SAP Netweaver STRATEGY 2: Adapt Integration Infrastructure to Domain Complexity Increasing Complexity of Problem Domain APS with Integration Stand-alone WS-pureplay Applicances/ P2P SOAP, bundled ESB Suites ESB ESB XML firewalls No ESB [©2008 ipt | switzerland] [page 18] [©2002 ipt | switzerland germany austria] [seite 9]
  11. 11. [21.10.2008] Deployment Scenarios [innovation process technology inc.] [www.ipt.ch] Deployment Scenarios Endpoint-centric ESB Capability of the hosting platform Microsoft WCF: „channeling pattern“ Internet-ESB (ESB as-a-service) Amazon Simple Queueing Services (SQS) More relaxed QOS-guarantees than JMS Microsoft Internet Service Bus (ISB) – Biztalk Services Relay services via the Internet and across firewalls Simple workflow & registry support Application-level ESB Application-internal SOA to better handle complex apps Expose a subset of functionality to the outside Consume functionality from the outside [©2008 ipt | switzerland] [page 20] [©2002 ipt | switzerland germany austria] [seite 10]
  12. 12. [21.10.2008] Deployment Example – Web Portal Data Scrubbing Web Services Parser Attack Legitimate Traffic Portal / Web SecureSpan XML Service Data Screen Cluster XDOS Attack Source: Layer7 [©2008 ipt | switzerland] [page 21] Deployment Example – B2B Services Service Endpoints (Secure Zone) Internal Firewall External Firewall Corporate Identity Server Business Partners SecureSpan XML Firewall Cluster SecureSpan XML SecureSpan DMZ VPN Client Manager Source: Layer7 [©2008 ipt | switzerland] [page 22] [©2002 ipt | switzerland germany austria] [seite 11]
  13. 13. [21.10.2008] Deployment Example – SOA Governance SecureSpan Manager Service Consumer with Hard-Coded WS- WS- Policy Policy Policy WS- WS- Policy Policy SecureSpan Service Consumer WS- Policy XML Networking with SecureSpan Gateway Cluster XML VPN Client WS- Web Policy Service Source: Layer7 [©2008 ipt | switzerland] [page 23] Conclusion ESB lives on a scale of SOA intermediaries Market undergoes consolidation, convergence, competition product types more and more have the same features (XML appliances, ESB, etc.) SOA without intermediary neglects security and governance aspects [©2008 ipt | switzerland] [page 24] [©2002 ipt | switzerland germany austria] [seite 12]
  14. 14. [21.10.2008] Thank you! [ipt] innovation process technology ___________________________ Dr. Thomas Rischbeck | it architect Office Zug Baarerstrasse 14 | CH-6300 Zug Phone: +41 41 727 25 25 | Fax: +41 41 727 25 26 Email: thomas.rischbeck@ipt.ch [innovation process technology inc.] [www.ipt.ch] [©2002 ipt | switzerland germany austria] [seite 13]

×