1. WSO2 @ Connected Car
Deutsche Telekom / T-Systems
Dr. Andreas Wichmann
2. WSO2 at Connected Car - Agenda
1 The Concept of Connected Car – what we are going to provide
2 Evaluation Criteria – what middleware we need
3 Operational Criteria – what operators like
4 WSO2 Quickstart – what we have verified
5 WSO2 ESB Proxies – what we have implemented so far
6 Next Steps – what we are about to add
4. Connected Life & Work @ Car
Services of Telekom and Service Providers:
E-Call / B-Call, Remote Diag., Remote Mgmt., Calendar, Phone/Email, Internet, Communities, Navigation, Music, Photos, Videos, Local Services, …
Contexts: at home, mobile, in the office, in the car
Adaption for Car Drivers: Connected Life & Work @ Car
Suitable Controls: Voice Control, Touch Control
5. Connected Car – Our positioning in the target markets
Solutions
Logistics: Cost-efficient and vendor-independent tracking & tracing of truck, trailer and goods
Fleet Operators: Modular retail solution for the integration of customer-specific processes into the vehicle
OEM: Flexible white label platform for the integration of brand-specific services and 3rd party applications
Consumer: Cost-efficient retail solution for safe and driver-specific usage of communication and infotainment features
Deutsche Telekom’s contribution
We connect the vehicle with its environment
and the driver with his private and professional services.
6. Connected Car – Intelligence in the cloud (open system)
All services on all screens!
@Car @Mobile @Office @Home
Embedded Retail Solution
Connected Car Platform
OEM Services Telekom Services 3rd Party Services
Central Platform Services
Identity Management Billing Installation & Updates Security …
7. Connected Car – Dynamics of open platform
[Figure: Connected Car Platform in the centre. Labels: OEM (White Label), Suppliers (White Label), Telco Provider, Devices, Service Provider, Content Provider, Government, Any to any, Revenue Share.]
Enabling Services: Identity Management, Billing, Installation & Updates, Security, …
8. Connected Car Platform – based on existing and future standards
[Figure: standards used between Client, Backend Infrastructure and Connected External Services]
Operating Standards: e.g. OMA-DM
Security Standards: e.g. SSL, SAML
Application/Service Standards: e.g. eCall
Embedded Standards: Standard Architectures, e.g. GENiVi, OSGi, …
Smartphone Standards: Existing Platforms, e.g. iOS, Android, Windows, …
Protocol Standards: http/https, GPRS, SMS, …
Standard Architecture: OSS/BSS
Interface Standards: SOAP, REST, …
OMA-DM = Open Mobile Alliance - Device Management, OSS/BSS = Operational Support Services / Business Support Services
OSGi = Open Services Gateway initiative, SOAP = Simple Object Access Protocol, REST = Representational State Transfer
9. Connected Car Architecture
[Figure: Connected Car Architecture, split into Client / Device (Embedded device, Smartphone) and Cloud / Central (Central Platform).]
Core Services: eCall, Stolen Vehicle Tracking, Navigation, Music, E-Mail, …; National and International / 3rd Party Provider Services / Contents
Management Platforms: ECCP (embedded device), ECCP (smartphone), CCCP (central)
Enabling Services: Remote Device Management, Rights Management, Monitoring, Identity Management, Security, OTA Communication, GPS Positioning, HMI, Portal Server, Monitoring/Reporting, …
Network: M2M Platform, TSP 1), De/Activation, Configuration, Network Services, Rating, Billing
Onboard Communication Unit (OCU) Hardware: CAN Controller, CPU/Storage, Power Management, Security, WiFi, Bluetooth, SIM, GPS
Infrastructure: Network, Data Center
Legend: DT Offering, OEM Offering, 3rd Party Offering
1) TSP = Telematics Service Provider
10. Central Connected Car Platform (CCCP) - Big Picture
[Figure: block diagram of the Central Connected Car Platform. Labels recoverable from the slide: Device Gateway, Download Gateway, Protocol Handlers, Buffer Queues, Service Integration Bus, SOA Backplane, External Service Integrator, Core Services, Enabling Services, Operational Support Services, Business Support Services, Service Portal, Central Database, Portal Solutions. External parties: M2M-Admin, DT Payment, Content Provider, CallCenter, External CRM, External Billing, External Payment, OEM Platform Services, Rental Services. Protocols shown: TCP, SMS, SOAP, JSON, http. The labels "Security" and "cache" are repeated across the component blocks.]
11. Central Connected Car Platform (CCCP) - Big Picture
[Figure: CCCP big-picture block diagram, repeated from slide 10.]
20. Evaluation Criteria
Completeness of Product Offering
Identity Management, Governance Registry and some more products offered
Integration with e.g. BPEL
31. Evaluation Criteria
Mobile and Wireless Communications Standards: UMTS, LTE, GSM, WiFi (IEEE 802.11)
Network Protocols: TCP, UDP, HTTP, FTP, SMTP, POP3, OMA DM
Network Cryptographic Protocols: SSL, TLS
Data Definition and Retrieval: XML, XML Schema (XSD), JSON, SQL
Web Service Standards and Protocols: WSDL, RESTful HTTP, SOAP, WS-Security, WS-Policy, WS-Interop
Security: SAML, XACML, XKMS, X.509
Runtime Platforms: JVM, OSGi
Design and Development: Java Enterprise Edition 6.0 (JPA, EJB 3.0, JMS, JMX, JSF, JAAS, JAX-WS, JAX-RS), HTML 5, UML 2.0, SOA, MDSD, de facto standard frameworks Spring and Hibernate
34. Operational Criteria
Assume we have operators…
… in a large data center
… running a critical system
… with some responsibility for smooth operation also on application level
35. Operational Criteria
Installation
Flexibility – Virtualization, Terminal Server, Ports etc.
works fine
Limited interaction – scripts
complete automatic installation possible
Simple Configuration
few configuration files
36. Operational Criteria
Patch Installation
Patch Strategy
just directories & database
Patch Deinstallation
restore files / db reimport
37. Operational Criteria
Integrity
Transactionality
to some degree, but we have a SOA
Poison message problem
fault queues supported, still really difficult
Integrity checks
Load balancing
38. Operational Criteria
Availability
Online Backup
Consistency after reconnect
Consistency after crash
Consistency after point-in-time recovery
bad problem in distributed systems
Disaster tolerance
42. Operational Criteria
More Security
SSL / certificates
SSL out-of-the-box
Logging
nice job for an ESB
LDAP & password management
43. Operational Criteria
Even more Security
Security concept
Baseline Protection („IT-Grundschutz“)
>4000 pages provided by the German BSI
44. Operational Criteria
Privacy
Compliance with Data Protection Acts
Data Economy
do not take more data than necessary
Data Reduction
erase data, even backups
46. Operational Criteria
Monitoring
of availability
echo services
of resources
memory, cpu, network, processes, threads
of performance
similar to BAM
47. Operational Criteria
Monitoring
Logging / log levels
Logging to the database
Event Correlation
using global identifiers in messages
Auditing acceptability
in some cases required by law
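Event correlation by global identifier, as an added example (not part of the original slides; the log format, the component names and the `corr=` field are assumptions, and the log lines are constructed). Events from several tiers are grouped per identifier, then traces that never reached every expected hop and events carrying no identifier are reported:

```python
import re
from collections import defaultdict

# Assumed line format: <ISO timestamp> <component> corr=<id or -> <detail>
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<component>\S+)\s+corr=(?P<corr>\S+)\s+(?P<detail>.*)$")
EXPECTED_PATH = ("device-gateway", "esb", "backend")  # assumed hop order

# Constructed sample: trace 0002 never reaches the backend, one event has no id
SAMPLE_LOGS = """\
2000-01-01T10:00:00.120 device-gateway corr=7f3a-0001 IN position-report
2000-01-01T10:00:00.190 backend corr=7f3a-0001 OUT TrackingService status=200
2000-01-01T10:00:00.135 esb corr=7f3a-0001 IN TrackingProxy
2000-01-01T10:00:01.010 device-gateway corr=7f3a-0002 IN ecall
2000-01-01T10:00:01.030 esb corr=7f3a-0002 IN ECallProxy
2000-01-01T10:00:02.500 esb corr=- IN AdminProxy
"""

def correlate(text):
    """Group parsed events by correlation id; events without one go under None."""
    traces = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the assumed format
        corr = None if m["corr"] == "-" else m["corr"]
        traces[corr].append((m["ts"], m["component"], m["detail"]))
    for events in traces.values():
        events.sort()  # ISO-8601 timestamps sort lexicographically
    return dict(traces)

def audit(text, expected=EXPECTED_PATH):
    """Report traces missing an expected hop and events that cannot be correlated."""
    traces = correlate(text)
    uncorrelated = traces.pop(None, [])
    incomplete = {}
    for corr, events in traces.items():
        seen = {component for _, component, _ in events}
        missing = [hop for hop in expected if hop not in seen]
        if missing:
            incomplete[corr] = missing
    return {"incomplete": incomplete, "uncorrelated": uncorrelated}

if __name__ == "__main__":
    print(audit(SAMPLE_LOGS))
```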
49. Operational Criteria
…a lot of stuff, and WSO2 meets the requirements.
And one more:
Professional Support
for analysis / bugfixing
… and for a Quickstart Workshop.
51. Quickstart Workshop
Quickstart Workshop
Time & Place:
6 days in June 2011 in Bonn / Germany
Team:
2 architects/developers from WSO2
about 4 architects/developers from T-Systems
Goal:
Proof of concept for the required features
53. Quickstart Workshop
ESB Management Console
Pitfalls:
only one login cookie per host in a browser (cookies are not separated by port)
… and we used ssh port forwarding to localhost
maybe use several hostnames per host
SSL Certificates and hostname vs. DNS name vs. IP
symptom: empty soap request templates
using hostnames worked for us
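The hostname vs. DNS name vs. IP pitfall comes down to which names the certificate actually lists. As an added example (not from the original slides; the certificate and all host names are constructed), this checks each name an operator might type, including localhost behind an ssh port forward, against the certificate's subjectAltName entries:

```python
import ipaddress

def _dns_match(pattern: str, host: str) -> bool:
    """Match one DNS SAN entry; '*' may replace the whole left-most label only."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # a wildcard covers exactly one label and needs at least two fixed labels
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def name_matches_cert(cert: dict, name: str) -> bool:
    """True if `name`, as typed into the client URL, is covered by the cert's SANs."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(name)
    except ValueError:
        ip = None
    if ip is not None:
        # IP literals are compared only with 'IP Address' entries, never DNS ones
        return any(kind == "IP Address" and ipaddress.ip_address(value) == ip
                   for kind, value in sans)
    return any(kind == "DNS" and _dns_match(value, name) for kind, value in sans)

def audit_names(cert: dict, names) -> dict:
    """Map every candidate name to whether a verifying client would accept it."""
    return {name: name_matches_cert(cert, name) for name in names}

# Constructed certificate in the dict shape returned by ssl.SSLSocket.getpeercert()
SAMPLE_CERT = {
    "subject": ((("commonName", "esb1.example.internal"),),),
    "subjectAltName": (("DNS", "esb1.example.internal"),
                       ("DNS", "*.mgmt.example.internal")),
}

if __name__ == "__main__":
    candidates = ["esb1.example.internal", "esb1", "localhost",
                  "192.0.2.10", "console.mgmt.example.internal"]
    for name, ok in audit_names(SAMPLE_CERT, candidates).items():
        print(f"{name:32} {'ok' if ok else 'MISMATCH'}")
```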
54. Quickstart Workshop
SOAP Proxy
straightforward
may include WSDL
Pitfalls:
references to XSDs
set schemaLocation in <xs:import>
reachable by the browser vs. reachable by the ESB
60. Quickstart Workshop
Portability of ESB configuration
in filesystem: simple copy
in Governance Registry: export/import
very nice and simple!
Pitfalls:
ESB must be running when the files are deployed,
otherwise they are never read
Resources must be deployed first,
otherwise proxy definitions may complain about missing files
61. Quickstart Workshop
Filtering and Dynamic Routing
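<filter xpath="fn:number(get-property('a')) > 10">
    <then>
        <!-- property 'a' is greater than 10: send to the default endpoint -->
        <send/>
    </then>
    <else>
        <!-- otherwise route to the address held in the ENDPOINT property -->
        <header name="To"
                expression="get-property('ENDPOINT')"/>
        <send/>
    </else>
</filter>
clean, but still verbose compared to non-xml languages
“if ($a > 10) send(); else send(to => $endpoint)”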
62. Quickstart Workshop
Mapping based on DB table
<dblookup>
    <connection>
        <pool>
            <!-- note: database credentials are stored in clear text in the ESB configuration -->
            <password>wso2</password>
            <user>wso2</user>
            <url>jdbc:mysql://192.168.3.4:3306/wso2</url>
            <driver>com.mysql.jdbc.Driver</driver>
        </pool>
    </connection>
    <statement>
        <!-- the ID property is bound to the ? placeholder, not concatenated into the SQL -->
        <sql>select mapped_id from mapping_table where id = ?</sql>
        <parameter expression="get-property('ID')" type="VARCHAR"/>
        <result name="mapped_id" column="mapped_id"/>
    </statement>
</dblookup>
68. Quickstart Workshop
WS-Security
the usual steps for handling certificates
and some stuff to declare the policy
but otherwise quite simple
69. Quickstart Workshop
OpenID
ESB as an OpenID provider
SAML
ESB as a security token service
quite some stuff to do
SAML2 single sign on
70. Quickstart Workshop
Business Activity Monitoring
WSO2 BAM server
ESBs cache and send events to BAM
e. g. count by xpath expression
71. Quickstart Workshop
Benchmarks
with JVM memory settings increased
up to 1680 req/s for SOAP proxy
with client/ESB/backend running in VMs
on a single host with 2 x Xeon X7460
difficult to measure on VMs
at least reasonably fast
Pitfalls:
the ESB may be faster than your client or backend
72. Quickstart Workshop
Result of the Quickstart Workshop:
WSO2 Components really work fine
Final Result:
Let’s try and take WSO2
all necessary features
sufficiently mature
relatively lightweight
very good personal support
75. Central Connected Car Platform (CCCP) - Big Picture
[Figure: CCCP big-picture block diagram, repeated from slide 10.]
76. ESB Proxies
Automatic ESB installation
unzip, change ports etc.
delivery built by Jenkins
Automatic service installation
One script to set up everything from scratch
77. ESB Proxies
Task #1: Proxies for existing SOAP services
33 services, 159 XSDs
modelled in Enterprise Architect
WSDLs generated via EMF scripts (xtend/xpand)
78. ESB Proxies
Strategy:
convert existing WSDL/XSDs
to ESB proxy service definitions
by XSLT called by ant
customized by a host-specific config file with URLs
deploy to the ESB via file copy
Pitfall:
Do not use subdirectories for XSDs!
79. ESB Proxies
Task #2: Proxy for another SOAP service (task #2)
simple
Pitfalls:
Every external real-world service seems to be a little different
namespaces, path conventions, casing,
dependencies on external XSDs…
80. ESB Proxies
Task #3: Proxy for non-XML HTTP POST and GET service
use URL rewrite
set body via <enrich>
Pitfalls:
Make sure to set no-proxy in your browser.
And make sure the browser cares.
Don’t be fooled by your browser’s cache.
Use TcpMon!
81. ESB Proxies
Task #4: Proxy with Transformation
define XSLT mediators for in and out sequences
generate ID via JavaScript
Pitfalls:
Enough. XSLT is designed for simple transformations,
not as a comfortable full-featured language.
Make sure your service is redeployed when necessary.
Changing just an XSLT may not be sufficient.
82. ESB Proxies
Task #5: Proxy for binary XML
one proxy for both XML and WB-XML
use ApplicationXMLBuilder / -Formatter
Pitfalls:
It’s simple as soon as you have found the right builder/formatter
and the right options.
DISABLE_CHUNKING was required.
83. ESB Proxies
Task #6: Proxy for POST with Query Parameters
simple
Pitfalls:
Hit a bug: Query Parameters got dropped
inSequence works fine if a URL rewrite is inserted
Fix provided by WSO2
84. ESB Proxies
Result:
Everything works so far!
after fixing a bunch of simple problems
86. Central Connected Car Platform (CCCP) - Big Picture
[Figure: CCCP big-picture block diagram, repeated from slide 10.]
87. Next Steps
NGTP (Next Generation Telematics Pattern)
Binary messages
Header may be processed by the ESB
Plugin (Builder) to be implemented in Java
88. by NGTP Group, cc-by-sa, http://creativecommons.org/licenses/by-sa/3.0/legalcode
89. Next Steps
Hardware Security Modules (Cryptoserver)
Idea of HSMs:
Offer restricted set of cryptographic operations
But keep the keys inside
90. Next Steps
Why use Hardware Security Modules?
Keys kept secure
Hardware acceleration
Non-standard implementations
91. Next Steps
Using a Hardware Security Module
Typically some binary TCP protocol
Java module for the ESB may be developed
With all operational requirements:
Reconnect, failover, logging, …
92. Next Steps
OSGi
2 ways to deploy services
as a stand-alone web service e. g. on Tomcat
as an OSGi module within the ESB or within Carbon
Maybe go for OSGi
Easier to handle?
Better dependency management?
With less resources?
Better deployment options?
93. Next Steps
WSO2 Stratos
Software for Platform as a Service (PaaS)
T-Systems plans to become a PaaS Provider
for the Connected Car Platform
94. Electromobility Services based on the Connected Car Platform.
Existing services:
Track/Trace/Locate: where is my car, when will I arrive?
Diagnosis/Maintenance/Health: Charge status, Status of eCar components
POI/Navigation: next Charging Point
Planned services:
Mobility Services: choose best means of transport
Driver-specific information: e.g. heating dependent on data from a server
Charging: Authentication/Authorization, Charge Control, Billing
95. Summary
T-Systems provides the Connected Car Platform
Generic platform for services used in cars
WSO2 contributes the Middleware
ESB
Governance Registry, Identity Server, Stratos
Development is ongoing
96. Thank you for your attention.
Dr. Andreas Wichmann
Systems Integration
T-Systems GEI GmbH
Address: Vorgebirgsstr. 49, 53111 Bonn
Contact:
Phone: +49 228 9841 4447
Fax: +49 228 9841 5158
Mobile: +49 170 9223 406
E-Mail: andreas.wichmann@t-systems.com