This document summarizes a presentation on SOA intermediaries given at the 2008 SOA Symposium in Amsterdam. It discusses the evolution of integration technologies from MOM and EAI to ESBs and web services. It defines different types of ESB products and outlines deployment scenarios. Key topics covered include the role of XML appliances, open source vs. commercial ESBs, and using the right SOA approach based on domain complexity.

1. This Presentation Courtesy of the
International SOA Symposium
October 7-8, 2008 Amsterdam Arena
www.soasymposium.com
info@soasymposium.com
Founding Sponsors
Platinum Sponsors
Gold Sponsors Silver Sponsors

2. [21.10.2008]
SOA Intermediary Continuum
Dr. Thomas Rischbeck
2008-10-08, 10:00
SOA Symposium Amsterdam
[innovation process technology inc.]
[www.ipt.ch]
Confusion in the Marketplace
You might know this book cover …
[©2008 ipt | switzerland] [page 2]
[©2002 ipt | switzerland germany austria] [seite 1]

3. [21.10.2008]
The Fossil Record:
ESB Development Paths
MOM-based
MOM: publish-subscribe, loose coupling MOM
ESB
via queues, JMS API
EAI: Adapters, promise of universal
connectivity, QoS, transaction
management EAI Integration
WS: WS-platform/management vendors; Suites
platform-independent standards for SOA: WS-P
XML, WSDL, SOAP, UDDI, HTTP WS-M Pure-WS
ESB
APS: embedded ESB APS
Open Source + ESB
XML appliances APS
Open
RISK: Consolidation pressure puts Source
long-term viability of vendors at risk
XML Appliances
Source: IEEE Computer Archeology
[©2008 ipt | switzerland] [page 3]
What is an ESB? IDC: The ESB is an open standards-based technology
concept that will revolutionize IT and enable flexible and
scalable distributed computing for generations to come.
EAI++
ESB is just a Pattern - Zapthink: „message-bus with
IBM service-oriented interfaces“
Cali-Mero Fio-Rano
MOM++
An enterprise platform that implements
standardized interfaces for communication,
connectivity, transformation, and security.”-
Fiorano Software
A standards-based integration backbone,
combining messaging, Web services,
transformation, and intelligent routing (2004) -
Sonic Software
low-cost lightweight alternative to
traditional integration middleware -
Gartner
[©2008 ipt | switzerland] [page 4]
[©2002 ipt | switzerland germany austria] [seite 2]

4. [21.10.2008]
Gartner Hype Cycle
[©2008 ipt | switzerland] [page 5]
What is an ESB?
Convergence
Consolidation
Commodity
Competition
[©2008 ipt | switzerland] [page 6]
[©2002 ipt | switzerland germany austria] [seite 3]

5. [21.10.2008]
Can ESB be standardized? The JBI Attempt …
“Middleware for Middleware”
Targeted at integration
component vendors
Java-only
Sun
Iona
Tibco
Open Source (Redhat,
WS02,ServiceMix, Mule)
[©2008 ipt | switzerland] [page 7]
Vendor-specific
Portal Tier Portlet Web App
WLP Order Management
Process Tier Process
WLI Service
Security Services Registry
AquaLogic Enterprise
Security Service
Registry
Services Routing
AquaLogic Service Service Integration/Routing
Bus
Service
Data Services Service Registry
Registry
AquaLogic Data
Services Platform Inventory
Billing
Management
Service Registry
AquaLogic Service
Registry
End-to-end Web Data
Services Oracle Mainframe .Net ERP Warehouse
Management
[©2008 ipt | switzerland] [page 8]
[©2002 ipt | switzerland germany austria] [seite 4]

6. [21.10.2008]
Reference Architecture
Access/Client
Client Browser Rich Client
Tier
Access XML Appliance Reverse Proxy
Portal HTML
Presentation App / Web Server
Process Orchestration – Process Services
Monitoring (End-to-End)
Integration ESB – Enterprise Services
Middle
Shared Identity
Security
Domain Domain Services
Tier
Services Mgmt
Business Services BRMS …
Business Logic Applications … …
Registry/
Data Enterprise Information Repository
Data Access Services Integration
Data
Operational Data Storage Base
Data
Tier
Data Exploitation Data
DWH
Mart
[©2008 ipt | switzerland] [page 9]
Reference Architecture
Access/Client
Client Browser Rich Client
Tier
Access XML Appliance Reverse Proxy
Portal HTML
Presentation App / Web Server
Process 1 Orchestration – Process Services
2
Monitoring (End-to-End)
Integration ESB – Enterprise Services
Middle
Shared Identity
Security
Domain Domain Services
Tier
Services Mgmt
Business Services BRMS …
Business Logic Applications … …
Registry/
Data Enterprise Information Repository
Data Access Services Integration
Data
Operational Data Storage Base
Data
Tier
Data Exploitation Data
DWH
Mart
[©2008 ipt | switzerland] [page 10]
[©2002 ipt | switzerland germany austria] [seite 5]

7. [21.10.2008]
ESB Product Types
[innovation process technology inc.]
[www.ipt.ch]
Do you really need an SOA Intermediary?
SOAP as enterprise messaging backbone
Dumb Network, Intelligent Endpoints
SOAP as unified messaging format
WS* subsumes ESB functionalities:
Reliable Delivery (WS-RM, WS-RX)
Transactions (WS-T, WS-BA)
Security (WSS)
Central Registry
But:
Configuration?
Departmentalized Security?
Source: Jim Webber, Thoughtworks
Service Sprawl? Monitoring?
APS with Integration Stand-alone WS-pureplay XML Appliances P2P SOAP,
bundled ESB Suites ESB ESB No ESB
[©2008 ipt | switzerland] [page 12]
[©2002 ipt | switzerland germany austria] [seite 6]

8. [21.10.2008]
XML Level Threats
WS “tunnel” through the firewall, allow direct A2A interaction
This opens up Pandorra’s box
External Internal
Payload Size
Service Client Recursive Payload Service
XML Schema Poisoning
XML/HTTP
Corporate Firewall
Service Client
WSDL Scanning Service
SQL/XQuery Injection
Service Client Service
DOS Attacks
Service Client Replay Attacks Service
Routing Attacks
Malicious Binary Content
Service Service Client
Data Leaks
[©2008 ipt | switzerland] [page 13]
XML Appliances – TCP/IP Layers
ISO/OSI layers TCP/IP model Sample protocols Devices
7 Application SOAP, XML XML Appliances
6 Presentation HTTP, HTTPS Content Service Switch
Application FTP Layer 4-7 Switches
5 Session Telnet
SMTP
LDAP
4 Transport
NTP
3 Network Transport TCP, UDP Router, Layer-3 Switch
2 Data Link Network IP, ICMP, IGMP, IPX Switches, Bridges
Network Interface:
1 Physical Link Hubs, Repeaters
Ethernet, Token Ring, FDDI
APS with Integration Stand-alone WS-pureplay Applicances/ P2P SOAP,
bundled ESB Suites ESB ESB XML firewalls No ESB
[©2008 ipt | switzerland] [page 14]
[©2002 ipt | switzerland germany austria] [seite 7]

9. [21.10.2008]
XML Appliances
XML Processing at Network Boundaries
XML-Threat Prevention, Security DMZ
Load Balancing, Routing
Policy Management & Enforcem Finance Sales
XML ASICs
ESB1 ESB2
But:
Asynchronous Delivery?
IBM (ex DataPower)
Layer7
Cisco (ex Reactivity)
Forum Systems
Intel (ex Sarvega)
Vordel, Bridgewerx
APS with Integration Stand-alone WS-pureplay Applicances/ P2P SOAP,
bundled ESB Suites ESB ESB XML firewalls No ESB
[©2008 ipt | switzerland] [page 15]
ESB Products
Stand-alone ESB Open Source ESB
Mulesource
Fiorano ESB
WS02 (ex Synapse)
Sonic ESB
Redhat JBoss
ServiceMix
Iona Celtix
WS-pureplay ESB
Message Queueing (JMS, MOM) Blue Titan Network Director
Persistence, Reliable Delivery Cape Clear 6 Server
lightweight service containers Iona Artix
multi-step processes PolarLake Messaging Integrator
(some with BPEL)
No native Messaging (JMS)
APS with Integration Stand-alone WS-pureplay Applicances/ P2P SOAP,
bundled ESB Suites ESB ESB XML firewalls No ESB
[©2008 ipt | switzerland] [page 16]
[©2002 ipt | switzerland germany austria] [seite 8]

10. [21.10.2008]
Integration Suites
Adapters for legacy applications Sterling Commerce Gentran Integration
data transformation tools (EDI, etc) Suite
Data reconciliation, multi-step process and Sun SeeBeyond ICAN Suite 5
composite transactions
Tibco BusinessWorks
Vitria BusinessWare
webMethods Fabric
Fujitsu Interstage
IBM WebSphere Process Server
Magic Software iBOLT Business Integration
Suite
APS with Integration Stand-alone WS-pureplay Applicances/ P2P SOAP,
bundled ESB Suites ESB ESB XML firewalls No ESB
[©2008 ipt | switzerland] [page 17]
Application Platform Suites
“All-in-one” BEA AquaLogic
application server (service hosting) IBM WebSphere
Microsoft WCF/Biztalk (+ESB Patterns)
Portal, Embedded ESB
Oracle SOA Suite/
Integration Suite equivalent Fusion Middleware
SAP Netweaver
STRATEGY 2: Adapt Integration Infrastructure to Domain
Complexity
Increasing Complexity of Problem
Domain
APS with Integration Stand-alone WS-pureplay Applicances/ P2P SOAP,
bundled ESB Suites ESB ESB XML firewalls No ESB
[©2008 ipt | switzerland] [page 18]
[©2002 ipt | switzerland germany austria] [seite 9]

11. [21.10.2008]
Deployment Scenarios
[innovation process technology inc.]
[www.ipt.ch]
Deployment Scenarios
Endpoint-centric ESB
Capability of the hosting platform
Microsoft WCF: „channeling pattern“
Internet-ESB (ESB as-a-service)
Amazon Simple Queueing Services (SQS)
More relaxed QOS-guarantees than JMS
Microsoft Internet Service Bus (ISB) – Biztalk Services
Relay services via the Internet and across firewalls
Simple workflow & registry support
Application-level ESB
Application-internal SOA to better handle complex apps
Expose a subset of functionality to the outside
Consume functionality from the outside
[©2008 ipt | switzerland] [page 20]
[©2002 ipt | switzerland germany austria] [seite 10]

12. [21.10.2008]
Deployment Example – Web Portal Data Scrubbing
Web
Services
Parser
Attack
Legitimate
Traffic
Portal / Web SecureSpan XML
Service Data Screen Cluster
XDOS
Attack
Source: Layer7
[©2008 ipt | switzerland] [page 21]
Deployment Example – B2B Services
Service
Endpoints
(Secure Zone)
Internal Firewall
External Firewall
Corporate
Identity Server
Business
Partners
SecureSpan XML
Firewall Cluster
SecureSpan XML SecureSpan
DMZ
VPN Client Manager
Source: Layer7
[©2008 ipt | switzerland] [page 22]
[©2002 ipt | switzerland germany austria] [seite 11]

13. [21.10.2008]
Deployment Example – SOA Governance
SecureSpan
Manager
Service Consumer
with Hard-Coded WS- WS-
Policy Policy
Policy
WS- WS-
Policy Policy
SecureSpan
Service Consumer WS-
Policy XML Networking
with SecureSpan
Gateway Cluster
XML VPN Client
WS- Web
Policy
Service
Source: Layer7
[©2008 ipt | switzerland] [page 23]
Conclusion
ESB lives on a scale of SOA intermediaries
Market undergoes consolidation, convergence, competition
product types more and more have the same features (XML
appliances, ESB, etc.)
SOA without intermediary neglects security and governance aspects
[©2008 ipt | switzerland] [page 24]
[©2002 ipt | switzerland germany austria] [seite 12]

14. [21.10.2008]
Thank you!
[ipt]
innovation process technology
___________________________
Dr. Thomas Rischbeck | it architect
Office Zug
Baarerstrasse 14 | CH-6300 Zug
Phone: +41 41 727 25 25 | Fax: +41 41 727 25 26
Email: thomas.rischbeck@ipt.ch
[innovation process technology inc.]
[www.ipt.ch]
[©2002 ipt | switzerland germany austria] [seite 13]