An introduction to SOA fundamentals By : Abhishek Chatterjee
Agenda <ul><li>History of architecture </li></ul><ul><li>IBM definition of Architecture </li></ul><ul><li>What Is SOA ? </li></ul><ul><li>SOA building blocks </li></ul><ul><ul><li>Linking XML, SOAP, WSDL, UDDI for web services </li></ul></ul><ul><ul><li>Adepter connections </li></ul></ul><ul><ul><li>SOA registry & Service broker </li></ul></ul><ul><ul><li>Enterprise service bus </li></ul></ul><ul><ul><li>SOA supervisor </li></ul></ul><ul><ul><li>SOA security, identity management, authentication </li></ul></ul><ul><ul><li>Additional software tools </li></ul></ul><ul><ul><li>Application lifecycle model </li></ul></ul><ul><ul><li>SOA testing </li></ul></ul><ul><ul><li>Business process modeller </li></ul></ul><ul><ul><li>Information as service </li></ul></ul><ul><ul><li>SOA repository </li></ul></ul><ul><ul><li>SOA governance </li></ul></ul><ul><li>SOA – Final picture </li></ul>
Mainframes: The first applications ran on one central computer. Users connected through dumb terminals or teletype machines. no messaging systems, no GUIs, no shared data, and no interaction between applications . Workstations : As desktop computers, personal applications; each user ran a locally installed copy and quit it after its use. No data was shared Networking : Networks connected workstations to each other . This enabled e-mail capability within an enterprise and sharing files on a file server. Client/server : application no longer ran completely on a central computer or on a workstation, but was split across the two. business logic that ran on the server and local clients. central business logic running in application servers . N-tier : Database server runs on a different host computer from the application server, that's a three-tier architecture . Internet : The Internet is networking on a global network . enabled communications and information sharing between users anywhere in the world. World Wide Web : Web made the Internet graphical , using HTML, hyperlinks to other document . Browser GUIs : Web introduced HTML browsers for viewing static HTML documents. provide interactive GUIs for accessing remote applications. This was a return to the centralized computing model. none of the application ran on the client except for HTML rendering and some simple scripting
Enterprise architecture: architect is responsible for an enterprise's full range of software-intensive systems, including the relationship between multiple applications, data shared between applications, integration of the applications, and the infrastructure to run applications Application architecture : focuses on the design of applications to automate business processes and provide functionality that helps users perform business tasks. Focus of functional and quality of service requirements including performance, availability, scalability, security, and integrity. Information architecture: focus on structure, integrity, security, and accessibility of that data Infrastructure architecture : focuses on the design of hardware and server software including server computers, storage, workstations, middleware, non-application software, networks, and the physical facilities that support the applications and business processes required by the enterprise Integration architecture: focuses on the design of solutions that enable existing applications, packaged software offerings, networks, and systems to work together within an enterprise or among enterprises Operations architecture : focuses on the design of solutions to manage the infrastructure and applications used by the enterprise
Before we define SOA, Lets find what is Web services and Web 2.0 . Web services: Internet was created to connect applications, but the Web connected people to static content and to server applications. Web services use the Web to connect applications so that one application can invoke behaviour in another application through a Web connection . Web 2.0: This is the application of Web services to Web sites. The user of a Web site is no longer a person, it's another application. SOA: It is an architecture for building business application as a set of loosely coupled black box components orchestrated to deliver a well defined level of service by linking together business processes. Applications have tended to be monolithic, applications at best interacted as peers . SOA divides an application into a service coordinator . that represents user functionality and service providers that implement the functionality , a service can be reused and shared by multiple composite applications .
<ul><li>Open system: </li></ul><ul><li>Consider a web based application for Order processing , allow customers to place order through internet. </li></ul><ul><li>The Browser for display the information and send information back to web servers. </li></ul><ul><li>Web server (IIS , Apache etc) for storing the web pages. </li></ul><ul><li>Order processing application resides in application server (Websphere, oracle weblogic etc) </li></ul><ul><li>database server: used the read and write data from and to database(Oracle, Db2, MySQL, ADABAS, SQL server ) </li></ul><ul><li>Mainframe system: </li></ul><ul><li>The Browser for display the information and send information back to application servers/ CICS transaction servers. </li></ul><ul><li>application server (IBM/Apache HTTP server or CICS transaction servers) for storing the application. </li></ul><ul><li>Application resides in HTTP server or CICS is responsible for receiving HTTP request and convert to COMMAREA and convert them HTML/XML while sending data back to web browser. </li></ul>
<ul><li>Separation of Business logic from plumbing logic </li></ul><ul><li>Business service layer for the application ORDER PROCESSing </li></ul><ul><li>Plumbing layer (managing presentation & data layer) </li></ul><ul><ul><li>Presentation layer: web server names and property and management parameters can vary </li></ul></ul><ul><ul><li>Data layer: data server names and property and management parameters can vary </li></ul></ul>Adding existing application to the service Add invoice system to by creating a adapter SOA supervisor <ul><li>Who is in charge?? </li></ul><ul><li>SOA supervisor Acts like traffic cop, manages end-to-end computer process created by connecting all the other software components together.(maintain service levels) </li></ul><ul><li>Also, initiates corrective actions in things start to go wrong. (interacts with infrastructure services) </li></ul>
<ul><li>Breaking order processing application into reusable functions:- </li></ul><ul><li>order function: </li></ul><ul><li>customer function </li></ul><ul><li>payment function </li></ul><ul><li>Every function can be converted to WEB SERVICES. </li></ul><ul><li>Web service standards:- </li></ul><ul><li>XML(eXtensible markup language, </li></ul><ul><li>WSDL(web service description language), SOAP(simple object access protocol), </li></ul><ul><li>UDDI (universal description, discovery and integration). </li></ul>Business process: connect all business services( use as Web services) to create business process. Business application: includes components with supporting web interfaces( Web services). Business process management (BPM): Need some sort of process manager to manage the flow of work between all parts.BPM codifies how business works, links the business functions from existing applications. Loose Coupling: component service and plumbing are separated so that service itself has no code managing the computing environment. SaaS: Is a model of software deployment where an application is hosted as a service provided to customers across the Internet . By eliminating the need to install and run the application on the customer's own computer, SaaS alleviates the customer's burden of software maintenance, ongoing operation, and support. SaaS Licensing model: Use based licensing model, sold as subscription.
Enterprise service Bus (ESB): Different pieces of software talk to each other by sending messages. ESB is used to transport messages quickly and reliably between software components. Work flow engine: Designed to connect a whole business process from end-to-end, flowing work from one individual/process to another until entire BP is carried out. SOA registry: Its an electronic catalogue where you store information describing what each component does. (publish web sevrices) Acts as a reference that helps them select components and connect them together to create composite applications and build process Also store How each components connects to other Service broker: Acts like a needle threading one component to the next in a business process. Uses the information in SOA registry and threads components together for the workflow engine. SOA supervisor Guarantee service: 99.999% Define and measure the service levels for the end-to-end business process. SOA supervisor plays pivotal role. ESB
XML: the definition language that can accompany information ( XSD : defines the template of the information.) SOAP: standard that uses XML to describe messages that are sent from program to program. A program uses SOAP to request a service from another program & then pass the related data. (consists of Envelop, Header, Body and fault) WSDL: A standard based on XML programmers use WSDL to create XML document that describes a Web service and how to access it. (consist of Definition of Post, message(input & Output, data types, program binding) UDDI: It is a framework for describing, discovering and integrating business services via internet. (a public registry)
<ul><li>Service broker searches the registry and inform Order processing Adapter about the interface it needs to pass to credit checking services. </li></ul><ul><li>As long as the interface is unchanged and registry is up to date. Credit checking application implementation environment change does not make any difference. </li></ul><ul><li>Adapter to adapter conversion process happens through Binding. </li></ul><ul><li>Late binding: C code require early binding (full code available during the compilation time) </li></ul><ul><li>Early binding: Java code does late binding, running interpretively with in JVM or via JIT compiler/JVM </li></ul><ul><li>Different kind of adapters: </li></ul><ul><li>Web service adapter • Terminal emulation adapter </li></ul><ul><li>Document base adapter( EDI, ANSI) • Package application-based adapter </li></ul><ul><li>Adapter based on connection standards (CORBA, .NET, JCA) </li></ul><ul><li>Middleware adapter (IBM MQ series , BEA message Q) </li></ul><ul><li>Transaction engine adapter (CICS, BEA’s Tuxedo) </li></ul><ul><li>Data adapter (ODBC, JDBC adapters) </li></ul>
<ul><li>Registry contains: </li></ul><ul><li>Web service component interface description (XML based interface) </li></ul><ul><li>Non-XML based component interface description </li></ul><ul><li>Business process definition: service broker uses the information and connects all the components in the business process. </li></ul><ul><li>Business process rules: holds policies and rules to be applied when connect to services. </li></ul><ul><li>service level description. </li></ul><ul><li>Governance rules: content of registry must be subjected a set of management rules. </li></ul>
<ul><li>Service broker </li></ul><ul><li>Once the user request the order processing application, service broker consults the SOA registry to find out in this business process is allowed to run by checking the service level rules. </li></ul><ul><li>Check any of the 4 main components are running, if not start them. </li></ul><ul><li>Check if the interface between the components to be bound to each other. </li></ul><ul><li>Service broker provides other component with the information to connect to Rule engine so that they can execute the rules stored in. </li></ul>
<ul><li>What is Inside ESB </li></ul><ul><li>Messaging services (support Variety of messaging) </li></ul><ul><li>Management service (monitor performance, implement message priority & apply global business rules) </li></ul><ul><li>Interface services ( validate messages against schema definition, support web service standards and non-XLM standards) </li></ul><ul><li>Mediation services: transform messages between formats used by sending & receiving applications. </li></ul><ul><li>Metadata services: transform messages between formats by using metadata definitions held in registry </li></ul><ul><li>Security services: encrypt messages where needed & include standardized security model to authorize, authenticate & audit all ESB activities. </li></ul>
<ul><li>IT layers to be supervised: </li></ul><ul><li>Business service layer (monitoring service levels, identify fault and failure, fault management, remedial actions, performance modelling and optimization, reporting) </li></ul><ul><li>The plumbing layer (response time and customer satisfaction) </li></ul><ul><li>The hardware layer. </li></ul><ul><li>After service broker threads together and started a business process, send a message to SOA supervisor. </li></ul><ul><li>SOA supervisory consults registry to get detail of business process and start the SLA monitoring software. </li></ul><ul><li>SLA monitoring utility sends regular performance information to supervisor and in tern it send to some operator console. </li></ul><ul><li>If anything goes wrong then it call infrastructure services . </li></ul>
It pulls of the trick of providing a single identity for user that can be used throughout a computer network, or even across networks. Old days: Portal accesses the IM software and IM in turn provides all the passwords & access to individual application based on users role. SOA scenario: Connect to business services not applications. So IM software creates a encrypted token containing identity of user, details of the access rights of the user . Service broker delivers this token to all component and each component decrypts and executes it based on the access.
Weak authentication: password etc Strong authentication : computer readable cards, biometric reader. Software fingerprint: Antivirus software have a signature of bad software(Trojan, worms). These signatures are software fingerprints. If these concept is extended for ever good software. Each software component of business services are fingerprinted & stored in signature file. Service Broker passes the address of each component of the services to authentication software, which then tests it and pass/reject it & service broker then execute the components. Audit trail is kept using ESB of all messages that are passed Sometimes we use digital certificates to deal with trusted sources. Its guarantee of authenticity from issue authority, it says the named person and company has this public encryption keys (PKI – public key infrastructure) Certificates are kept in public registry.
Lifecycle tool: Iterative model actually involves people from business & technologies but still has a weakness and that is you are still developing the application not a business process. Getting software developer to think in terms of business process need to follow a new software development lifecycle. Use BPM tool to develop business process.
BPM tool: Generate the linking code by referring to interfaces published in the SOA registry Used to build new business functions & publishes their interfaces in the SOA registry Create instruction to direct a workflow engine. Store business process map in repository
<ul><li>Governance: </li></ul><ul><li>Establish a programming std, establish IT SOA govn best practices, monitoring the life cycle services. Establish a business services policy board made up of corporate, departmental & management representative, ensure proper design of services, identify key implementation issues, monitor SOA services from business perspective. </li></ul><ul><li>SOA repository: </li></ul><ul><li>Repository is a full system of records maintaining version controls, where as registry is the real time record of a SOA domain. </li></ul><ul><li>Information as service: </li></ul><ul><li>Data is generally refers to facts. </li></ul><ul><li>Information is a collection of these facts in a specific context from which conclusions can be drawn. </li></ul><ul><li>To make data more reliable, consistent & trusted use ETL(extract-transform-load) tool. </li></ul><ul><li>Information as service is an architectural approach that loosen the tight connection between data & applications to control & shared data enterprise. </li></ul>