"We didn't start the fire ... it was always burning since the world's been turning ..." [Billy Joel 1989]. Is SOA the "Same Old Architecture?" or is it "Simply Over Ambitious?" Let's apply SOA's arsenal:: XML, BPM, Services, SOAP, Web Services - to the real world and find out. Let's put out some fires.

« September 2009 | Main | November 2009 »

October 28, 2009

Has Cloud Computing given SOA another big push?[Part 2]

By Brahma Acharya

Service design considerations for Cloud
In the first part I talked about how SOA and cloud computing converge. SOA does give us the ability to move around services to the cloud. However it might not be sufficient to design services the traditional way. Cloud brings with it a whole new way of doing things. Cloud enabled services should have the following consideration:
 

  •  Think Parallel: Design your services such that they can be run in parallel. Distributed processing framework like Hadoop and Map/Reduce have made it possible to run applications concurrently on multiple nodes without much effort. Also, think if the services can be run in a multi-processor environment on parallel threads.
  •  Cost implication: A cost benefit analysis is a must before the services are moved to a cloud. Cloud vendors typically charge for bandwidth usage, execution time and storage cost. As such it is important that the service designers and developers keep that in mind. Resources should be sparingly used and released at the earliest possible opportunity. Data transfer between consumers and clouds should be properly analyzed. For ex: If the service needs huge volume of input and output data it might not be a good candidate for Cloud. The overall cost of hosting such a service in the cloud may actually exceed than that of in-house maintenance.
  • Design for failure: Cloud platforms are built to handle failures. However there could be downtime and network issues. The application should be designed and deployed in such a way that a failure in the cloud service doesn’t impact mission critical application. For ex: customers of an e-commerce application should be able to shop even though the disks are failing and data centers are down. Amazon’s Dynamo is one such platform which provides such reliability.
  • Avoid Vendor lockdown: This is more relevant to the SaaS and PaaS model. Ideally the consumers should be able to move from one cloud provider to another without hassle and avoid any sort of vendor lockdown. This seems a little far-fetched at this point of time. Efforts are on to form an open standard for the Cloud. The opencloudmanifesto is a step in that direction. The Open group has also got into the act of providing an open standard.
  • Regulations and laws: In certain cases it might be mandatory as to where the data can be hosted. Some laws like SOX and HIPPA might prohibit enterprise to move certain category of data out of their premises. Services should take these into account.

 

 Conclusion
Cloud computing is revolutionary in nature. The benefits are too compelling to ignore. As the cloud space heats up, it is important to align your organization properly.  Organizations who have implemented SOA will find it easy to move to a cloud environment. Such applications are not limited by the existing hardware and software. However sufficient due-diligence needs to be done before embarking on a full-fledged cloud exercise.

 

 

Posted by Guest Author at 04:20 PM | | Comments (0) | TrackBacks (0)

October 26, 2009

SOA Symposium reveals SOA manifesto

By Murteza Salemi

Within SOA space we have seen many definitions for what exactly SOA is, what problem it can solve and how. These varied and diversified definitions have been the main source for the confusion among both the business users and technical architects on what SOA is and how it can help. A group of smart experts and practitioners have acknowledged this issue and came together during 2009 to develop the SOA manifesto. The SOA manifesto consists of a set of core values and principles that can guide the SOA initiatives and programs on their SOA journey to make sure they do not go astray and keep them on the right path.

SOA manifesto clearly demonstrates the shift in the understanding of the SOA world toward business-centric vision of the Service orientation. It is pretty much in sync with OASIS SOA Reference Model and coming Reference Architecture (RA) standards. What significant about this manifesto is that SOA standards and best practices from different standard groups and SOA thought-leaders have started to demonstrate a tendency to merge focuses and recommended directions, which is very important and pleasant fact. The authors of SOA manifesto say that they "value the items on the right" but "value the items on the left more":

  • Business value over technical strategy
  • Strategic goals over project-specific benefits
  • Intrinsic interoperability over custom integration
  • Shared services over specific-purpose implementations
  • Flexibility over optimization
  • Evolutionary refinement over pursuit of initial perfection

 

Following are some of the guiding principles:

  • Respect the social and power structure of the organization.
  • Recognize that SOA ultimately demands change on many levels.
  • The scope of SOA adoption can vary. Keep efforts manageable and within meaningful boundaries.
  • Products and standards alone will neither give you SOA nor apply the Service orientation paradigm for you.
  • SOA can be realized through a variety of technologies and standards.
  • Establish a uniform set of enterprise standards and policies based on industry, de facto, and community standards.
  • Pursue uniformity on the outside while allowing diversity on the inside.
  • Identify services through collaboration with business and technology stakeholders.

 

For a complete list of the principles refer to the SOA manifesto.

 

 

 

Posted by Guest Author at 04:54 AM | | Comments (0) | TrackBacks (0)

October 25, 2009

Considering your SOA journey? Be aware of SOA Pitfalls

One of the fundamentals about SOA that every enterprise needs to understand is where they stand today before starting the SOA journey – are they ready to take the plunge? Understanding this would give a quick overview of the organisations readiness and maturity of SOA. Thereby ensuring that the common SOA pitfalls are avoided and right strategy and associated programme/initiatives are identified for starting SOA journey for the organisation.

In this blog, I would quickly touch upon the most common SOA pitfalls. The list looks very common, but on the ground the SOA team tend to more often ignore these common ‘must to do’ things due to the high visibility and demand (to deliver against a tight deadline) of the SOA initiative and excitement to work on the cutting edge technologies.

  • Starting too big and starting at the wrong place/time. Before beginning the SOA journey, one needs to ensure that the right initiative is identified to manage the expectation of SOA outcome. For example, achieving SOA as part of a high profile time critical business transformation program would be the wrong place. Another situation could be trying to do SOA as part of a program which is already late in the solution delivery process.
  • Isolated technology focus (e.g. Buying the full range of SOA products right at the beginning of SOA journey even though all those are not required at the beginning and without the processes and governance in place)
  • Isolated architecture focus (e.g. Focus only on the integration layer/business services, No focus on infrastructure services)
  • No formal central governance/competency group (CoE or centralize SOA team) and ownership of services. This creates scenarios like ‘unregulated’ development of services without checking reusability leading to redundancy and duplication of services (violates the core principles of SOA)
  • Not adapting (or enabling) the operations and support model to support/leverage SOA (Impact on service management areas: Incident Management, Release Management, Configuration Management etc)
  • No systematic Service strategy (Service planning) and design e.g. Service design without proper business modeling
  • Strategy to measure the value of SOA and report to the stakeholders is absolute must. Not having a plan to measure would be disaster as the value of the SOA may not be clearly visible without the right data (number of time reused, reduced development time, faster response to business etc.) handy
  • Making SOA high visibility and demand sponsorship without demonstrating the value (creating a business case for SOA is always a challenge). Ideal approach sometimes is to do mix of bottom-up and top-down. SOA can be introduced in "stealth" mode (for the business) without creating too much distraction.
  • Not articulating the business value/impact of SOA (direct tangible links to business objectives) and presenting it purely for architectural purity. This limits the business sponsorship and funding

    •  

And at the end ‘Governance’ is KEY to successful SOA. Through an on-going governance process, organisations need to measure how far one is from the SOA goals and what is going good or bad. Having right governance in place, all or most critical pitfalls of SOA could be addressed. Lets define the SOA governance and make it work – you are all set for SOA! 

 

Posted by Shubhankar Sumar at 10:12 PM | | Comments (0) | TrackBacks (0)

October 20, 2009

Has Cloud Computing given SOA another big push?[Part 1]

by Brahma Acharya

SOA has now become main stream. Organizations are slowly aligning themselves to implement SOA to realize the benefits. And then suddenly we have "Cloud Computing"; the new kid in the block. It has generated unprecedented hype. Gartner’s Senior Analyst Ben Pring has mentioned that "Cloud computing has become the phrase du joir". It is difficult not giving enough attention to it. Not to miss the wave, we see cloud vendors pop up every day providing a variety of services. It is being discussed in almost all the IT boardrooms. And rightly so, people have started to realize that this is not just any buzz. It promises to do to IT, what Internet did to business in the early 90’s; a paradigm shift.

Simplistically put, Cloud is about Hardware and Software outsourcing. You don’t care about managing and procuring either of the two. If dissected properly Cloud is a bunch of services delivered over the internet or extranet. Everything from Infrastructure (IaaS) to Platform (PaaS) to Software (SaaS) is exposed as discrete services. Though the concept has been there for quite some time, the current technology advancement in virtualization, grid computing and network reliability has made it a reality.

So with all these in background,

  • Where does SOA come into picture?
  • Does SOA really get affected by this new wave around Cloud?
  • Do the two converge?
  • Is it more important than ever to design applications on the tenets of SOA?

    • The answer to all these is a resounding YES.

    SO what is ‘Architecture’ in SOA – Can we call it Legacy already?

    A typical SOA architecture consists of a UI layer, a BPM layer (Process orchestration), a Service and business component layer and the data access layer (Fig-1). They are all deployed in their own infrastructure within the enterprise. The core of SOA lies in discrete services and processes. Services have explicit boundaries and solve independent business functionality. A process can consist of many of the services in a well orchestrated manner. As an example, an e-commerce application which is designed on SOA principles can consist of a recommendation service, a search service, a catalogue service, a shopping cart service, a payment service and a check-out service (In reality there are 100s of services in an e-commerce application). A buying process can then be developed utilizing a catalog service, a shopping cart service and a check-out service.

    Fig 1: Typical SOA architecture

    Fig 1: Typical SOA architecture

    So why move to Cloud?

    So we have designed our application based on SOA principles. We have achieved flexibility, re-usability, agility and greater maintainability. So why this cloud thing? It turns out that depending on how the architecture is designed we can benefit from the following Cloud features:

    • Cloud has significant cost benefits: This probably is the crux. Hosting applications or part of it on Cloud will significantly reduce the CAPEX and OPEX of an organization. It also reduces the lead time significantly to procure and deploy software and hardware. Important to note that it might not be possible to host entire applications on the Cloud. It would be unwise to run the mission critical applications on Cloud in entirety. There could be security or privacy issues. Being on an SOA platform gives us the flexibility to host part of the application on Cloud. What needs to be hosted on Cloud depends completely on the requirement. For ex: The entire BPM layer can be hosted on "Appian Anywhere" provided by Appian, the BPM SaaS provider. Again the services and their corresponding data can be hosted in Amazon’s EC2 and Amazon’s SimpleDB.

    • Cloud provides better performance with parallel execution: A Cloud platform provides the ability to run jobs in parallel. Platform like Hadoop and Map/Reduce are commonly used in a Cloud platform which can effectively run the jobs in parallel. Properly designed services, if independent of each other can be run in parallel. Also the individual services can be run in parallel if required. For ex: The search and recommendation services can be easily run in parallel.

    • Better SLA’s and better reliability: There seems to be some misconceptions around the stability of the Cloud services. People tend to think that Clouds are less reliable and prone to data hacking and data loss. On the contrary as and when the big players like Microsoft and Google get into this space, they bring in with them the same technology that runs their massive data centers. Most of the cloud providers now provide 3-9s reliability; 99.9% uptime. Though there have been some glitches it is bound to get better with time.

    • Better Agility: Moving into Cloud increases the already agile SOA based applications at multiple levels. New services can be bought from specialist SaaS vendors and can be integrated within no time. A B2C portal can run burst of digital marketing campaign without worrying about software or hardware.

    • Better Scalability: Auto-scaling or Elasticity is an inherent feature of a Cloud platform. The on-demand model will allow application to scale up infinitely. As such seasonal peak loads and a sudden burst in usage is handled transparently by the Cloud.Fig: SOA+Cloud

      • Fig 2: SOA + Cloud 

       

      It is important to note that having followed an SOA based architecture it becomes easy to move various aspects of the application to a Cloud. Figure 2 depicts one scenario of a hybrid environment of SOA and Cloud. The permutations and combinations are literally limitless.

      In the Part 2 of this blog, I will talk about the design considerations  when you are looking to exploit the Cloud while doing SOA.

           

Posted by Shubhankar Sumar at 08:53 AM | | Comments (0) | TrackBacks (0)

October 19, 2009

‘SOA Security’–How much is enough?

by Animesh Ghosh

‘SOA Security’– How much is enough? – Good question, but meaningless without the context. It is a must to spend a while researching exiting security architecture to comprehend the context. In majority of the cases, the organization probably already has a pretty robust security system(s). The challenge with SOA is to figure out how to extend those existing security measures to those services that comprise SOA. Many SOA security solutions are designed to interconnect effectively with existing security functionality. At that point, the security risks might begin to look a bit more manageable and you can proceed with your plans.

It is a fact that SOA security is a complex matter, but my suggestion is not to become overwhelmed by security buzz words. Focus on ‘what you need ‘, not on – ‘what is available in the market’.

Below I have listed my thoughts according to the priority, I think, organization need to think while researching about "SOA Security – how much is enough?"

  • First understand the boundaries and decide what security vulnerabilities are critical for your organisation.
  • Every security risk may not be applicable to you. Focus on vulnerabilities in the ‘OWASP Top 10’ (www.owasp.org) which are known to be common and critical. Many of the vulnerabilities found by security analysis technologies are not likely to occur.
  • Centralize and Externalise security concerns – this is very important to effectively mange security.
  • Make sure ‘Security as a Service’ available ~ 100 %, as Security Service is the gateway to all other services.
  • Stay compliant to standards – very important considering heterogeneous nature of the SOA components.
  • Use XML signatures and encryption to enforce message level security when exchanging data with partners
  • Consider credentials encryption without encrypting the whole XML data structure when the content is not highly confidential.
  • Each time you identify vulnerability, determine its root cause and create a static analysis rule to identify all other occurrences of that same root cause.
  • Always implement effective Logging and Auditing features to catch security breach
  • Avoid Denial of Service (DOS) attacks by employing solutions such as XML Firewall and appliances
  • Treat security vulnerabilities as high priority (severity- 1) bugs—bugs that are critical enough to stop a release. Just one security vulnerability could open the door to devastating attacks.
  • Look for SOA security solutions those are designed to interconnect effectively with existing security functionality.
  • Consider implementing a SOA security solution that enables SOAP message monitoring; federated authentication; application proxy; contract management; certificates, keys, and encryption; and audit logging.
  • Adopt incremental technology delivery and maturity-based approach (expect mixed and hybrid environments)

    •  

    Remember security can create tight coupling in enterprise SOA and can degrade performance

Posted by Guest Author at 11:45 AM | | Comments (0) | TrackBacks (0)

October 16, 2009

Service Category – The world of Confusion

by Murteza Salemi, Shubhankar Sumar 

Coming up with service categories seems at first an easy task but when you start thinking about it and discuss it with other architects, you will be dazzled on how many different definitions exist out there. It is not a matter of which one is right and which one is wrong but how we are going to agree on one set of definitions and terminology so we can talk with each other and using the same words (terminology) without having different meaning (unambiguous) for them.

The best approach is that every organisation or business unit identifies and agrees on a glossary of these terminologies and definitions right at the beginning of SOA journey. On the agreed category, create guidelines and characteristics for each category for ready reference. The same is communicated and mandated by the SOA governance team within all the SOA programme within the organisation.

There are quite a few in the list. Here are some examples of service categories:

  • Business Services
  • Capability Services
  • Activity Services
  • Information Services/Data Services
  • Entity Services
  • Application Services
  • Presentation Services
  • Composite Services
  • Technical / Infrastructure Services
  • Technology Services
  • Utility Services
  • Communication Services
  • Integration Services
  • Bus Services
  • Process Services
  • Master data services

    •  

    Remember – you have to get this fixed right at the beginning of the SOA journey. It looks very trivial things but not having the right set of category defined will have long lasting negative impact and creates confusion within the architecture and business community.

    Lets go and finalise the Service Category if you have not done so.

Posted by Shubhankar Sumar at 08:50 AM | | Comments (0) | TrackBacks (0)

October 15, 2009

Some thoughts on Service Naming

Every web service Designer and Developer possibly have come across service naming standards or best practices in one form or the other. While I do not want to dispute the fact that standards are needed for enforcing good practices that goes a long way in software maintainability and manageability, but then trying to follow a standard without completely understanding the philosophy behind it may not produce optimal results. Now, I do not want to get into pros and cons of particular semantics of service naming either, e.g., naming conventions such as using a verb+noun pair for naming a service, using camel case etc. I will pretty much follow those widely used conventions without a debate.  I will rather try to throw some lights on the common-sense and practical factors that may make service naming less creative and more predictable. Comments and debates welcome.

So thinking with a clean slate – here are some thoughts. IMHO, a good service name should have the following classic attributes (I would not blame you for thinking that I was influenced by OO programming principles in more than one ways):

Service Naming is part of Service Design. Hence one should understand the complete context, functionality and the Layer of abstraction that the service belongs to in a Service Oriented Architecture.  Is it a top-level business orchestration service? Or, is it a much lower level service? Or is it a technical service across business domains? After identifying the Layer a service belongs to, it is easy to

  • Predict its usage scope
  • Identify its potential consumers

And hence the naming can consider making it contextual to the consumers. After all, service discovery is not too far.

Service Name should attempt to portray the functionality of a service in the light of the overall business process context. So one needs to answer questions like what business logic does the service provide? What business processes does it support? If the service name fails to give you flavor of the business context (or, technical context if it is a technical service) then something is missing. Essentially you should use a verb to represent the actual business task carried out by the service with as much context as possible. Additional context may come from using an appropriate Entity name in the service. Let me site a couple of examples; I would prefer a name that provides more contexts. Lets take the example of service provisioning process for a hypothetical teleco. Let us say a service is used by the process to establish is the customer address is serviceable. This process of customer address validation along with few other steps is generally known as service qualification. Hence QualifyServiceAddress is a better name for our service than something like ValidateAddress because it is contextual to business and has describes the service more accurately.

The other important thing is to use only standard entity names in your Service Name. When I say standard entity names, I assume that an organization-wide data model/information model/business information model already exists. So re-use the same vocabulary and adhere to your organizational standards.

Now as a disclaimer, I think no amount of standard is sufficient to ensure good naming. In many cases just following the semantics, without understanding the principles, beats the whole purpose of naming standards. Let me site some hypothetical examples; you might have come across situations where a new service is being designed to expose or replace a legacy application. The name of the service many a times would be influenced by the application names or process names of the legacy application even when the service interface may exposes a miniscule part of the application. In this case, the service name largely misrepresents its functionality offered. Or, how about a very long verbose service name that attempts to specify the entire business context in its name and does very little. The examples can go on.

 

Posted by Santanu Dey at 08:53 AM | | Comments (0) | TrackBacks (0)

October 13, 2009

SETLabs and Infosys participation in SOPOSE workshop AT Services Computing 2009 conference

I was the chair for SOPOSE 2009, the fourth international workshop Service and Process oriented Software Engineering (http://www.dsl.uow.edu.au/sopose/index.php ),  the workshop co-located with SCC 2009. The workshop aimed at addressing software engineering issues related to constructing service oriented architecture and business process management.

The workshop started with a keynote by on Value in Services Systems, by Prof. Joseph Davis, of  Univ of Sydney. This talk focused on the conceptual foundations what has come to be referred to as 'service science' which is concerned with the design, value co-creation (between the service providers and customers), and performance modeling of complex service systems.

 

There was an interesting discussion on User experience being at core of the final rendering of a service, and how the interactions between consumers, producers is core to the notion of "value". No doubt this is an important area of research from the perspective of justifying investments in IT, in current circumstances.

 

This was followed by thought provoking presentations including papers on BPM adoption, and software engineering issues related to BPM and SOA, including two innovative papers from Infosys titled "A holistic approach in context of Enterprise BPM adoption" and  

"Challenges and Approaches during requirement gathering phase for multi release BPM engagement" respectively.

More soon.

Posted by Dr. Srinivas Padmanabhuni at 08:15 AM | | Comments (0) | TrackBacks (0)