Paul Butterworth S O A Runtime Governance Practices

1

Founding Sponsors

This Presentation Courtesy of the

International SOA Symposium

October 7-8, 2008 Amsterdam Arena

www.soasymposium.com

[email protected]

Gold Sponsors

Platinum Sponsors

Silver Sponsors

SOA Runtime Governance

Practices

Paul Butterworth

Chief Technology Officer

AmberPoint, Inc

October 2008

2

© 2008 AmberPoint, Inc. 3

Agenda

SOA Topologies

SOA Runtime Governance Practices

Discover

Manage Service Quality

Manage Business Transactions

Prepare for greater scale

Validate changes

Based on experiences with ~200 users


firewall

Typical Service Network Topology

Shared Services External

Services

Order Entry

Accounting

Partner

Internal Services

Credit

Services not applications

Shared

Dynamic

Federated

3

© 2008 AmberPoint, Inc.

Typical Service Network Infrastructure

JavaService

MainframeApplication

WebService

DBMS

BizApplication

BizApplication

Network

Service Bus

Appliance

In all but the newest of environments, “SOA” ≠ “Just Web Services & XML”


Keys to Successful Governance and Management of SOA Applications

Continuous SOA Discovery

Service Management &

Security

http://www.datapower.com/partners/xmlswitching.html

http://www.sybase.com/home

http://www.oracle.com/index.html

http://www.sap.com/index.epx



4


Keys to Successful Governance and Management of SOA Applications

Business System Validation

Closed Loop Governance

Continuous SOA Discovery

Service Management &

Security

Business Transaction

Management

Business

Architects & Development

Operations


Agenda

SOA Topologies


Discover




Validate changes

Based on experiences with ~200 users

5


Messaging

Discovery and Application Mapping

Dynamic Discovery of your SOA environment…

Application Flow & Transactions

Dependencies

Services

Consumers

Runtime Policies & Metadata

…across Heterogeneous Infrastructure

Containers

ESBs & Process Engines

Appliances

Registries / Repositories

No application, message or header modifications

Closes the loop with design time governance

A complete accounting of your SOA application environment

Intended DesignRunning Reality

Repositories

Service

Registries

Home-grown

Databases


Hybrid Discovery Model

Enterprise Service Bus

• Approved Services• Intended Usage• Policies

Runtime

Repository

Policies

Data / Results

servicecontract

• Services (discovered, changes)• Scorecard Information• Policies (new, changes)

Discovers

Publishes

Publishes Changes to services, endpoints and policies

Scorecard metrics – availability, performance, etc.

Dependencies

Detects discrepancy between intentions

(design/dev) and reality (runtime)

RealityDesign

vs.

Service Management

Xact Management

System Validation

Closed Loop Governance

Ensures Closed Loop Governance

??

?

SoftwareDevelopment

Tools

DevelopmentTools

Repositories/Registries

Home-grownDatabases





6


Detailed Metadata of Your SOA Environment

Operational Info: When service was

discovered

Availability

Type of service

Type of container

Link to WSDL

Business Info: Business owner

Division

Version

Etc.

Custom: Chargeback info

Risk assessment

Links to URL‟s

Etc.

Operational Info

Business Info


Agenda

SOA Topologies


Discover




Validate changes

7


Service Quality Management

Monitor Performance & Availability Trends, thresholds, varying intervals, etc.

Isolate areas of interest Recent additions

“Rogue” services

Problem areas

Specific application groups

Filters

Detail

Graphical ViewTable View

Monitor Security

Respond to anomalies


Service Level ManagementService- and Business-level Visibility

ServiceView

Alerts

UserSummaryandObjectives

HistoricalReporting

Enforce agreements based on business criteria Flexible calendars, multiple objectives

Granular visibility – groups, users, services, operations

Preventative and corrective actions

8


Firewall

IdentityManagement

Systems

SecurityFirst- and Last-Mile Enforcement

First Mile Security- Client-side agent- Automatic enforcement of out-bound security

Last Mile Security- Plug-ins provide endpoint protection

- No ability to circumvent

Extensive Integration- Identity Management Systems

- Security Appliances- App Server / ESB / OS Security

<?xml version='1.0'?> <PaymentInfo xmlns='http://example.org/paymentv2'> <Name>John Smith</Name> <EncryptedData

Type='http://www.w3.org/2001/04/xmlenc#Element' xmlns='http://www.w3.org/2001/04/xmlenc#'> <CipherData>

<CipherValue>A23B45C56</CipherValue>

</CipherData> </EncryptedData> </PaymentInfo>

env:Fault>

Unknown Servic

"urn:ups-shipping

Service Downserver:8192/e

/soapenv:

<Name><Encrypted

Type='http <CipherDa

<Cipher</Ciphe

Complete Policy Library

- Authentication- Authorization- Credential Mapping- Censorship- Crypto


Agenda

SOA Topologies


Discover




Validate changes

9


Business Transaction Management Managing Individual Services is Not Enough

Real business value is associated with complete, end-to-end transactions Order management

Claims processing

Sales lead qualification

On-line reservations

Common Issues... No overall view into transaction

status

Minimal business visibility

Slow end-to-end response times

Transactions "disappear"

Business Impact Internal fire drills and finger

pointing

Unhappy customers

Lost revenue

Process Engine Service Bus

End-to-End

Technical Challenges

Transactions flow through both service and non-service based components Services Applications ESBs Process Engines Databases

Variety of architectures Synchronous and asynchronous

messaging Long running transactions – hours,

days, ...


Business Transaction ManagementMonitoring Performance, Availability & Service Level Agreements

TransactionPerformance &Availability

ServiceLevelViolations

ConsumerSLA’s

HistoricalReporting

Enforces agreements in real time

Enables preventative and corrective actions Not just reporting

violations after its too late

Business Groups Platinum, Gold, etc.Accounting,

Shipping, etc.


End-to-End

10


Business Transaction ManagementBusiness Instrumentation

19

ConsumerSLA’s

BusinessGroups

BusinessInstrumentation

Track business value flowing through the system Track revenue, total orders, etc. Can customize instrumentation and dashboards


Business Transaction ManagementReal-time Detection of Exceptions

Handles Technical and Business Exceptions Stalled transactions, missing steps, error

messages Incorrect data values, boundry

conditions, etc.

User-defined Exception Policies What to look for – leverage message

content Action to take – notify, intervene, etc

Rejected OrderAlert

11


Agenda

SOA Topologies


Discover




Validate changes


Runtime Policy Enforcement: Service Virtualization

Abstracts service changes and versions behind a published „façade‟ (a „virtual‟ service)

Enables endpoint routing, load-balancing, failover, transformations etc.

•Sees simpler interface

•Service changes don’t show through.

Before After

Virtual

Svc

(PEP)

•Load balance•Route•Transform•Version

Service

AService

B

OrderLookup

ChangeDate

ChangeQty

ScheduleShip

ChangePrior

LookupETA

Service

AService

B

OrderLookup

ChangeDate

ChangeQty

ScheduleShip

ChangePrior

LookupETA

12


Policies with a “where clause”

Automatically applies policies based on dynamic attributes and message content. All production services

All services in Accounting application

All services deployed in WebLogic containers

User-defined attributes for services, containers & policies

Assignments are reevaluated as attributes change

Automatic Policy Provisioning

s1 s5

s4

s2s6

s3

where“Accounting”

SecurityEncryption

allservices

One-at-a-Time Approach

where deployedon .NET app servers

Logging

Profile Based Approach

s1

p1

s2

s3

s100

p1 p1 p50

100 svcs x 50 policies

5,000policy points

Load-BalWeighted

Can manage system on “autopilot” where policies are

automatically assigned as appropriate.

Eliminates production mistakes by reducing manual steps.


Agenda

SOA Topologies


Discover




Validate changes

13


“Approved”

25

Business System ValidationDistributed Components and Reuse Puts Business Systems at Risk

Impact of any changes ripple throughout the system

Real impact of planned changes is hard to predict

Impact of unplanned or unannounced changes can be devastating

Yet, most SOA environments find it impossible to setup and replicate all

dependent systems for testing elsewhere

And, new use and reuse creates blind spots in preproduction procedures

Design Development QA

Development Staging Production


Need to Validate Integrity of the Entire System Before Installing Changes


Validate Impact on Dependent Systems

Development Staging Production


The “Preflight Check” for SOA Systems

: Security Policies Functioning

Unexpected Deviation for

B2B Partner Usage

: WS-I Compliant

: Capacity Adequate

Validation Checklist

Acceptance testing of pending changes to SOA environment New Versions of Services

Policy Changes

Bug Fixes

Infrastructure Patches, etc.

Uses knowledge of dependencies and observed interactions

Simulates services that can’t be replicated in pre-production environments External services

Fee-based services

Gives Staging and Operations a final check before deploying changes

14

27

Q&A

Paul Butterworth

[email protected]

510.663.6300

Paul Butterworth S O A Runtime Governance Practices

Technology

soa application environment

upsshipping service

business transactions

international soa symposium

successful governance

operational info business

wsdl business info

closed loop governance