Ben Thurgood Asia Pacific SOA Delivery Leader IBM Software Group Services bthurgoo@au.ibm.com
Agenda
SOA and Web Services Best Practices
Iterative Adoption
The Basics
Sticking to the standards
Securing appropriately
Planning for expansion
Planning for Governance
Worst Practices
Point to Point Services
Bottom-up Development (or It's all Greek to me)
The message that ate my server
Pardon me, your data is showing
Schema? We don't need no stinkin' schema!
What is ..?
a service? A repeatable business task e.g., check customer credit; open new account
service oriented architecture (SOA)? An IT architectural style that supports service orientation
a composite application? A set of related & integrated services that support a business process built on an SOA
What is a Service?
Service
A Service is a discoverable software resource which has a service description. The service description is available for searching, binding and invocation by a service consumer. The service description implementation is realized through a service provider who delivers quality of service requirements for the service consumer. Services can be governed by declarative policies.
[Figure: SOA layered architecture. Labels: Channel; Consumers; B2B; QoS Layer (Security, Management & Monitoring Infrastructure Services); Integration (Enterprise Service Bus); Data Architecture (meta-data) & Business Intelligence; Business Process (composition; choreography; business state machines); Governance; Services (atomic and composite); Service Components; Operational Systems; Packaged Application; Custom Application; OO Application; Atomic Service; Composite Service; Registry]
Roles
Business: Capabilities that a business wants to expose as a set of services to clients and partner organizations
Architecture: An architectural style which requires a service provider, requestor and a service description. It addresses characteristics such as loose coupling, reuse and simple and composite implementations.
Implementation: A programming model complete with standards, tools, methods and technologies such as Web services
Operations: A set of agreements among service requestors and service providers that specify the quality of service and identify key business and IT metrics.
2007 ACS Web Services SIG 21 February 2007
SOA and web services are not the answer to every situation; don't use them as the hammer
Maximizing the benefits of SOA and Web Services requires both SOA and Web services
Best Practices
Patterns to follow
[Figure labels: Strategic Vision; Incremental Approximation; Time]
Strategic Vision: Business and IT statement of direction which can be used as a guideline for decision making, organizational buy-in, standards adoption
Project Plans: Implementation projects to meet immediate needs of the current business drivers
[Figure labels: GUI; GW; ESB; BPE; Governance; Svc]
The Basics
Identify services based on business value, e.g. SOMA
e.g. PayPartnerCreditCard vs. ProcessBatchCCPayments
Business task vs. Implementation option
Use DTO (Data Transfer Object) or equivalent
Standards based interface, e.g. WSDL
Stateless
Granularity not too fine, not too coarse
Does the service do too much? i.e. used by more than one different business task
Does it do too little? i.e. business task uses multiple services to complete
Story
1. Super security
One customer decided to go with HMAC-SHA1 authentication because it was supported in their middleware platform (WebSphere).
At a meeting with their partner organisations, everyone nodded their approval to the security proposal.
1 week before delivery we found out that the partners were going to fail to deliver because they were still trying to understand how to implement the security protocol.
2. WS-Addressing
One customer we've encountered really wanted to use WS-Addressing for asynchronous web services.
They found the ETTK implementation and then folded that into their implementation.
Then they found in the last stages of their project that not only was the ETTK not supported, but that the code wouldn't even run on the target platform (WebSphere on z/OS).
Guidance
Look at what's currently supported in your middleware platform
Adopt technology based on its value
Balance interoperability with non-functional requirements
Securing Appropriately
Web Services present an avenue for intrusion by hackers. They also create brand new security issues of their own (XML threats).
How do we fix it?
Enable Application Server-level (J2EE) Security
Secure your Web Services with WS-Security following the WS-I Basic Security Profile
Use alternative mechanisms (HTTPS/BASIC-AUTH) if necessary
Use a DataPower XS40 appliance
DataPower has strong integration for security and management. All of this adds up to the strongest overall current feature set. - Forrester Research
Securing Appropriately
Story:
One customer had hand-written authentication and authorization on their web site but didn't realize that they were also making their web services (for internal use only) globally accessible.
ROUTING messages between services
CONVERTING transport protocols between requestor and service
TRANSFORMING message format between requestor and service
HANDLING business events
[Figure legend: Color = Data type; Shape = Protocol]
[Figure labels: WSGW; EDI; Customer; J2EE Application; CRM; Legacy Application; Database; Service Providers; Business Logic; Mediation Patterns; Security; Management; IT Management Services; Registry]
Service repository
Issues
How is Service-related information governed (stored, managed and maintained, accessed)?
How do Service Requesters determine which Services to use?
How do Service Requesters locate Service endpoints?
How are they made aware of changes happening? (Notification)
Objectives
Manage service-related information (interface, service location, additional information such as specification) in a centralized manner
Provide categorization and versioning capabilities to leverage service-related information
Provide service requesters with extensive discovery and notification capabilities
Solution
Design and implement a Service Directory
[Figure labels: System; Topologies; Find/Bind, Invoke, Monitor & Manage; Dashboard]
Plan
  Determine scope of governance work
  Prepare and conduct kick off session
  Scope confirmed
  Project plan
Model
  Design the SOA Governance Model
  Define Service Ownership Model
  Service Domains
Perform
  Implementation of the Governance Model
  Initiate the governance transition plan
  Implement the SOA governance processes
  Staff and execute the SOA Centre of Competency
  Initiate the organization model changes
  Launch the communication plan
  Initiate the education and mentoring plans
  Define the SOA standards and guidelines
  XML Messaging Standard
  Business Services
  Technical Guidelines
  others
Improve
  Monitor and Refine Governance Model
  Monitor governance and management
  Service Planning
  Service Ownership and Funding
  Service Modelling
  Service Implementation
  Service Management
Worst Practices
Anti-patterns to avoid
Root Cause: a view that an integration layer, usually called an Enterprise Service Bus (ESB), adds:
Complicated new technology
A single point of failure
Cost (for the ESB software and supporting hardware)
Reduced performance
Problem
Customers use bottom-up development of Web Services from existing Java beans. They end up with language-specific information (like Vectors or Hashmaps) in the WSDL
Why?
Lack of understanding of interoperability issues
What happens
Other languages (Visual Basic, C#) can't consume the SOAP produced
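A small check for this anti-pattern, as an added example that is not part of the original presentation: it uses reflection to flag service-interface methods whose signatures expose Java collection types, and contrasts a bottom-up bean with a DTO-based interface. The AccountBean, AccountService and AccountDTO names are hypothetical, and the check looks only at method signatures, not at DTO fields.

```java
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Vector;

public class WsdlTypeLint {
    // "Before": a bean exposed bottom-up, as in the problem above (constructed).
    public interface AccountBean {
        Vector listAccounts(String customerId);
        void update(HashMap fields);
    }
    // "After": explicit DTOs and arrays that map onto plain XML Schema types.
    public static class AccountDTO { public String id; public long balanceCents; }
    public interface AccountService {
        AccountDTO[] listAccounts(String customerId);
        void update(AccountDTO account);
    }

    // True for java.util collections and maps, including arrays of them.
    static boolean languageSpecific(Class<?> t) {
        if (t.isArray()) return languageSpecific(t.getComponentType());
        return Collection.class.isAssignableFrom(t) || Map.class.isAssignableFrom(t);
    }

    /** Lists signatures that would leak Java collection types into the WSDL. */
    static List<String> findings(Class<?> serviceInterface) {
        List<String> out = new ArrayList<>();
        for (Method m : serviceInterface.getMethods()) {
            if (languageSpecific(m.getReturnType()))
                out.add(m.getName() + " returns " + m.getReturnType().getSimpleName());
            for (Class<?> p : m.getParameterTypes())
                if (languageSpecific(p))
                    out.add(m.getName() + " takes " + p.getSimpleName());
        }
        return out;
    }

    public static void main(String[] args) {
        System.out.println("AccountBean:    " + findings(AccountBean.class));
        System.out.println("AccountService: " + findings(AccountService.class));
    }
}
```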
The Problem
Customers often try to send extremely large messages, or even worse, extremely large opaque (binary) messages over Web Services transports
Why?
Looking at Web Services as a replacement for EDI or CORBA
Not understanding the limitations of the technology
What happens
Extremely high processing loads. Low throughput due to immense amounts of time spent parsing. High network latency
Problem
Customers try to put Web Services in at the wrong place in their architecture
Expose Data access (or GUI) through Web Services
Why?
Misunderstanding of SOA Architectural principles
How to fix it
Apply coarse-grained Web Services in the right place in an architecture
Use the Session Façade Pattern to expose model-based services
[Figure labels: Web Services exposed here; View; Controller; Domain Model; Data Access]
Problem
Customers often put arbitrary XML inside a SOAP envelope and call it a Web Service
Why?
Trying to reuse existing code
Misunderstanding of the advantages of Web Services
What happens?
The XML often has no schema, so there is no chance of validation
They must parse the XML themselves in the application and the client
What to do?
Encourage them to create XML Schema and make it part of the WSDL
Educate them as to the advantages of WSDL
Summary
Acknowledgements
Special thanks to those people who have directly or indirectly contributed to this presentation
Kyle Brown
Rachel Reinitz
Arnauld Deprets
Alex Polozoff
Robert Peterson
Paul Gover
Paul Glezen
Questions?
Ben Thurgood
AP SOA Delivery Leader IBM Software Group Services bthurgoo@au.ibm.com +61-421-012-787
Unused Slides
Governance is the structure of relationships and processes to direct and to control the SOA components in order to achieve the enterprise's goals
The governance model defines:
What has to be done?
How is it done?
Who has the authority to do it?
How is it measured?
[Figure labels: Technology; People; Services; Processes]