Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Role of Rest vs. Web Services and EI

2,747 views

Published on

Published in: Technology
  • Be the first to comment

Role of Rest vs. Web Services and EI

  1. 1. Role of REST Vs. Web Services & Enterprise Integration Hiranya Jayathilaka Associate Technical Lead PMC Member (Integration Technologies)
  2. 2. A Word About WSO2• Founded in 2005 by acknowledged leaders in XML, Web Services technologies & standards and open source. Primary contributors to Apache Web Services projects started in 2001.• Producing entire middleware platform 100% open source under the Apache license.• Business model is to sell comprehensive support & maintenance for our products.• Technology OEM’d by IBM, Progress, Software AG, Alcatel, EMC and CA.• Venture funded by Intel Capital and Quest Software• Global corporation with offices in Palo Alto (USA), Portsmouth (UK) and Colombo (Sri Lanka).• 150+ employees and growing.
  3. 3. What is REST?• REpresentational State Transfer• Lightweight, client-server architecture• Interactions are based on the transfer of resource state representations• Systems exchange state representations and perform application state transitions• Mostly implemented using HTTP
  4. 4. Richardson Maturity ModelLevel 3: Hypermedia Controls• Hyper text as the engine of application stateLevel 2: HTTP Verbs• Many URIs, each supporting multiple HTTP methodsLevel 1: Resources• Many URIs, one HTTP methodLevel 0: XML Over HTTP• One URI, one HTTP method
  5. 5. An Example…• Learning Management System for a college• A number of fundamental concepts – Student – Course – Teacher• In a RESTful design these concepts are likely to become the ‘resources’ managed by the LMS
  6. 6. The “Student” Resource State• Name• Age• Registration number• GPA• Date of birth• Contact information
  7. 7. State Representation - XML
  8. 8. State Representation - JSON
  9. 9. Representational State Transfer• Clients and servers interact with each other by exchanging – Resource state representations – Other control information• Applications are state machines – Exchange of resource state representations and control information can result in application state transitions
  10. 10. HTTP Based RESTful Interactions
  11. 11. REST Today!• Developers and architects realize the power of REST and appreciate its lightweight nature• Lots of tools, libraries and frameworks to make RESTful development easier• Well suited for modern IT trends – Mobile apps – Rich web applications – Social media
  12. 12. Nothing But REST?• Most organizations have already invested heavily in IT and have adopted countless technologies – Legacy systems – J2EE, .NET, LAMP – CORBA, DCOM, RPC, SOAP – … and much more• Replacing these existing systems is risky and ridiculously expensive
  13. 13. REST in Peace, SOAP?• Not in our wildest dreams – New WS-* standards introduced frequently – Many developer friendly tools and frameworks – Comprehensive and highly interoperable platform – Sponsorship of many large scale software vendors• SOAP, WSDL, WS-*, BPEL – They are all here to stay (at least for the foreseeable future) – REST will continue to be dominant in the public web API space
  14. 14. “Hang in There SOAP”
  15. 15. Moral of the Story…• Replacing existing technologies is not easy• Every technology has its own strengths and weaknesses – Despite its arcane terminology, the structured description capabilities of the WSDL standard is being praised even by hard-core fans of REST – No technology can be designated “universally superior”
  16. 16. Coexistence over Conquest• RESTful applications should play nice with other technologies• Need powerful integration mechanisms between REST and other technologies (most notably SOAP)• Design applications in a manner so that the weaknesses of one technology is complemented by the strengths of another – Best of both worlds scenario
  17. 17. Key to Success• Organizations that have realized the value of “coexistence over conquest” have reaped fruitful results – Amazon – eBay – Google• Opens up the business for all types of developers and clients – Breaks down barriers for technology adoption
  18. 18. Good Times for Developers!• Adding REST support to an existing enterprise architecture creates many interesting problems and lucrative opportunities for developers – Developing RESTful applications – Integrating REST applications with the ‘rest’ – Exposing existing services over REST – Security – Provisioning – Monitoring and usage tracking• “Developers are the new king makers” – James Governor
  19. 19. Developing RESTful Applications• Can be done with any web development technology – HTML, PHP, ASP, CGI…• Servlets and JSP are popular in the Java world• JAX-RS catching up fast – Apache Wink – Apache CXF – WSO2 Application Server
  20. 20. Integrating RESTful Applications
  21. 21. Exposing Existing Services Over REST• Use the tried and tested gateway pattern Consumers• Lock down all the implementation details of the backend systems behind an API gateway REST API and expose a clean Gateway REST API• Pay attention to the number and granularity Backend of exposed operations Services
  22. 22. WSO2 ESB as an API Gateway
  23. 23. REST APIs in WSO2 ESB
  24. 24. Basic Features of an API Gateway• Transport switching• Message transformation and content negotiation• Lightweight orchestration• High performance (low latency mediation)• Monitoring
  25. 25. Security• More exposure = More vulnerabilities• Access to critical business applications must be secured at API gateway level – Do all security checks as early as possible• Use HTTP friendly security mechanisms – Basic Auth – OAuth
  26. 26. API Security Enforcement in WSO2 ESB
  27. 27. A Simple Security Architecture
  28. 28. A More Comprehensive Approach with API Keys
  29. 29. API Store Front
  30. 30. Managing System Load• RESTful applications are usually lightweight and fast – But your backend services may be not• Track the usage of REST APIs at the gateway and turn down requests if the load becomes too high – If the APIs are restricted to a particular group of clients, consider implementing some IP based throttling mechanism – Use time based throttling to prevent legitimate clients from overwhelming a service
  31. 31. Throttling Support in WSO2 ESB
  32. 32. Throttle by SLA
  33. 33. Caching• Another very effective way of reducing the overhead on backend services – Cache as many responses as possible in the gateway and try to minimize calling backend services• Added benefit: Improved performance (better user experience)• Need to have proper cache invalidation mechanisms in place
  34. 34. Caching Support in WSO2 ESB
  35. 35. API Provisioning• REST integration is not a one-off activity. Once adopted you will be doing it for the ‘rest’ of your working life.• Should be able to easily add new REST APIs to the API gateway – Ideally should be a single click operation – Should not result in a downtime of existing APIs• REST API governance
  36. 36. API Provisioning in WSO2 ESB
  37. 37. API Provisioning in WSO2 API Manager
  38. 38. Monitoring & Usage Tracking• Log and record all accesses to your exposed RESTful interfaces at the API gateway – Both valid and invalid accesses – At very least have a HTTP access log• If you already have a monitoring system in place, integrate it with the API gateway – Syslogs, JMX, BAM• KPI monitoring and SLA monitoring• Tracking API usage
  39. 39. What to Do with Collected Data?• Periodic audits• Dashboards and reports – For both API providers and API consumers• Capacity planning and traffic engineering• Vulnerability detection• Marketing and promotional activities
  40. 40. Monitoring WSO2 ESB
  41. 41. WSO2 API Manager with BAM
  42. 42. WSO2 API Manager with BAM
  43. 43. API Monetization• Turning inbound API calls into cash• Prevent third parties from making profits out of your APIs - Prevent disenfranchisement• Provide a monitored sandbox environment where third parties can develop applications using your APIs – Close off or restrict access to the APIs from outside the sandbox environment – Have a robust model for reviewing, approving and publishing third party applications
  44. 44. Your Business as a Service App App App App PaaS for Managed Third Party Apps (WSO2 Stratos) API (WSO2 API Manager) Services, Processes, Applications, Data (Business IT Assets)
  45. 45. Summary• What is REST?• REST vs. SOAP and other technologies• Exposing existing systems over REST – API gateway pattern• Techniques for securing, provisioning and managing REST APIs• API monetization
  46. 46. Resources• REST and API management with WSO2 ESB (Webinar): http://www.youtube.com/watch?v=YNfa88-DWQU• ESB Tipcs & Tricks: Introduction to REST APIs (Blog): http://techfeast-hiranya.blogspot.com/2012/04/wso2-esb-tips- tricks-09-introduction-to.html• REST API samples (Documentation): http://docs.wso2.org/display/ESB403/Sample+1+Introduction+to+R EST+API• Introduction to AppFactory (Blog): http://blog.cobia.net/cobiacomm/2012/04/16/what-is-wso2- appfactory/• WSO2 API Manager beta program (Press Release): http://wso2.com/about/news/wso2-begins-recruiting-beta- customers-for-new-wso2-api-manager-product/
  47. 47. Selected Customers
  48. 48. WSO2 Engagement Model• QuickStart• Development support• Development services• Production support• Turnkey solutions – WSO2 Mobile Gateway Solution – WSO2 FIX Gateway Solution – WSO2 SAP Gateway Solution
  49. 49. Thank You

×