Paul Butterworth: SOA Runtime Governance Practices
TRANSCRIPT
This Presentation Courtesy of the
International SOA Symposium
October 7-8, 2008 Amsterdam Arena
www.soasymposium.com
SOA Runtime Governance Practices
Paul Butterworth
Chief Technology Officer
AmberPoint, Inc
October 2008
© 2008 AmberPoint, Inc. 3
Agenda
SOA Topologies
SOA Runtime Governance Practices
Discover
Manage Service Quality
Manage Business Transactions
Prepare for greater scale
Validate changes
Based on experiences with ~200 users
Typical Service Network Topology
[Diagram labels: firewall; Internal Services; Shared Services; External Services; Order Entry; Accounting; Credit; Partner]
• Services not applications
• Shared
• Dynamic
• Federated
Typical Service Network Infrastructure
[Diagram labels: Java Service; Mainframe Application; Web Service; DBMS; Biz Application (two instances); Network; Service Bus; Appliance]
In all but the newest of environments, “SOA” ≠ “Just Web Services & XML”
Keys to Successful Governance and Management of SOA Applications
Continuous SOA Discovery
Service Management & Security
Keys to Successful Governance and Management of SOA Applications
Business System Validation
Closed Loop Governance
Continuous SOA Discovery
Service Management & Security
Business Transaction Management
Business
Architects & Development
Operations
Messaging
Discovery and Application Mapping
Dynamic Discovery of your SOA environment…
Application Flow & Transactions
Dependencies
Services
Consumers
Runtime Policies & Metadata
…across Heterogeneous Infrastructure
Containers
ESBs & Process Engines
Appliances
Registries / Repositories
No application, message or header modifications
Closes the loop with design time governance
A complete accounting of your SOA application environment
[Diagram labels: Intended Design; Running Reality; Repositories; Service Registries; Home-grown Databases]
Hybrid Discovery Model
[Diagram labels: Enterprise Service Bus; Runtime; Repository; Discovers; Publishes; Policies; Data / Results; service contract; Reality vs. Design; Software Development Tools; Development Tools; Repositories/Registries; Home-grown Databases]
• Approved Services • Intended Usage • Policies
• Services (discovered, changes) • Scorecard Information • Policies (new, changes)
Publishes Changes to services, endpoints and policies
Scorecard metrics – availability, performance, etc.
Dependencies
Detects discrepancy between intentions (design/dev) and reality (runtime)
Ensures Closed Loop Governance
[Diagram labels: Service Management; Xact Management; System Validation; Closed Loop Governance]
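
The discrepancy check between design-time intent and runtime reality described on this slide can be sketched as follows. This is an added example, not code from the presentation or from any AmberPoint product; the `Record` type, the `reconcile` function, the finding names and all sample services, endpoints and policies are assumptions made for illustration.

```python
# Added example: reconcile design-time intent with runtime observations.
# Service names, endpoints and policy names are constructed sample data.
from typing import Dict, FrozenSet, List, NamedTuple, Tuple


class Record(NamedTuple):
    endpoint: str
    policies: FrozenSet[str]


Finding = Tuple[str, str, str]  # (kind, service, detail)

REGISTRY: Dict[str, Record] = {  # approved services and intended policies
    "OrderEntry": Record("http://svc.example/order", frozenset({"authentication", "logging"})),
    "Credit": Record("http://svc.example/credit", frozenset({"authentication", "encryption"})),
    "Accounting": Record("http://svc.example/acct", frozenset({"authentication"})),
}
OBSERVED: Dict[str, Record] = {  # what runtime discovery actually saw
    "OrderEntry": Record("http://svc.example/order", frozenset({"authentication", "logging"})),
    "Credit": Record("http://svc.example/credit-v2", frozenset({"authentication"})),
    "PartnerQuote": Record("http://svc.example/quote", frozenset()),
}


def reconcile(registry: Dict[str, Record], observed: Dict[str, Record]) -> List[Finding]:
    """Return the differences a runtime would publish back to the repository."""
    findings: List[Finding] = []
    for name in sorted(observed.keys() - registry.keys()):
        findings.append(("rogue", name, observed[name].endpoint))      # running, never approved
    for name in sorted(registry.keys() - observed.keys()):
        findings.append(("not-seen", name, registry[name].endpoint))   # approved, never observed
    for name in sorted(registry.keys() & observed.keys()):
        want, have = registry[name], observed[name]
        if want.endpoint != have.endpoint:
            findings.append(("endpoint-changed", name, have.endpoint))
        for policy in sorted(want.policies - have.policies):
            findings.append(("policy-missing", name, policy))          # intended, not enforced
        for policy in sorted(have.policies - want.policies):
            findings.append(("policy-unapproved", name, policy))       # enforced, not intended
    return findings


if __name__ == "__main__":
    for kind, service, detail in reconcile(REGISTRY, OBSERVED):
        print(f"{kind:18} {service:14} {detail}")
```

The `policy-missing` finding is the one to alert on first: a service whose intended encryption or authentication policy is absent at runtime is unprotected regardless of what the registry says.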
Detailed Metadata of Your SOA Environment
Operational Info:
• When service was discovered
• Availability
• Type of service
• Type of container
• Link to WSDL
Business Info:
• Business owner
• Division
• Version
• Etc.
Custom:
• Chargeback info
• Risk assessment
• Links to URLs
• Etc.
Service Quality Management
Monitor Performance & Availability
• Trends, thresholds, varying intervals, etc.
Isolate areas of interest
• Recent additions
• “Rogue” services
• Problem areas
• Specific application groups
[Screenshot labels: Filters; Detail; Graphical View; Table View]
Monitor Security
Respond to anomalies
Service Level Management: Service- and Business-level Visibility
[Screenshot labels: Service View; Alerts; User Summary and Objectives; Historical Reporting]
Enforce agreements based on business criteria
• Flexible calendars, multiple objectives
Granular visibility – groups, users, services, operations
Preventative and corrective actions
Security: First- and Last-Mile Enforcement
[Diagram labels: Firewall; Identity Management Systems]
First Mile Security
- Client-side agent
- Automatic enforcement of out-bound security
Last Mile Security
- Plug-ins provide endpoint protection
- No ability to circumvent
Extensive Integration
- Identity Management Systems
- Security Appliances
- App Server / ESB / OS Security
[Sample message shown on the slide:]
<?xml version='1.0'?>
<PaymentInfo xmlns='http://example.org/paymentv2'>
  <Name>John Smith</Name>
  <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element'
                 xmlns='http://www.w3.org/2001/04/xmlenc#'>
    <CipherData>
      <CipherValue>A23B45C56</CipherValue>
    </CipherData>
  </EncryptedData>
</PaymentInfo>
Complete Policy Library
- Authentication
- Authorization
- Credential Mapping
- Censorship
- Crypto
Business Transaction Management: Managing Individual Services is Not Enough
Real business value is associated with complete, end-to-end transactions
• Order management
• Claims processing
• Sales lead qualification
• On-line reservations
Common Issues...
• No overall view into transaction status
• Minimal business visibility
• Slow end-to-end response times
• Transactions "disappear"
Business Impact
• Internal fire drills and finger pointing
• Unhappy customers
• Lost revenue
[Diagram labels: Process Engine; Service Bus; End-to-End]
Technical Challenges
Transactions flow through both service and non-service based components
• Services
• Applications
• ESBs
• Process Engines
• Databases
Variety of architectures
• Synchronous and asynchronous messaging
• Long running transactions – hours, days, ...
Business Transaction Management: Monitoring Performance, Availability & Service Level Agreements
[Screenshot labels: Transaction Performance & Availability; Service Level Violations; Consumer SLAs; Historical Reporting]
Enforces agreements in real time
Enables preventative and corrective actions
• Not just reporting violations after it's too late
Business Groups
• Platinum, Gold, etc.
• Accounting, Shipping, etc.
[Diagram labels: Process Engine; Service Bus; End-to-End]
Business Transaction Management: Business Instrumentation
[Screenshot labels: Consumer SLAs; Business Groups; Business Instrumentation]
Track business value flowing through the system
• Track revenue, total orders, etc.
• Can customize instrumentation and dashboards
Business Transaction Management: Real-time Detection of Exceptions
Handles Technical and Business Exceptions
• Stalled transactions, missing steps, error messages
• Incorrect data values, boundary conditions, etc.
User-defined Exception Policies
• What to look for – leverage message content
• Action to take – notify, intervene, etc.
[Screenshot label: Rejected Order Alert]
Runtime Policy Enforcement: Service Virtualization
Abstracts service changes and versions behind a published “façade” (a “virtual” service)
Enables endpoint routing, load-balancing, failover, transformations, etc.
• Sees simpler interface
• Service changes don’t show through.
[Diagram labels, Before and After: Service A; Service B; OrderLookup; ChangeDate; ChangeQty; ScheduleShip; ChangePrior; LookupETA; Virtual Svc (PEP): Load balance, Route, Transform, Version]
Policies with a “where clause”
Automatically applies policies based on dynamic attributes and message content.
• All production services
• All services in Accounting application
• All services deployed in WebLogic containers
User-defined attributes for services, containers & policies
Assignments are reevaluated as attributes change
Automatic Policy Provisioning
[Diagram, One-at-a-Time Approach: services s1, s2, s3 … s100, each assigned policies p1 … p50; 100 svcs x 50 policies, 5,000 policy points]
[Diagram, Profile Based Approach: services s1 to s6; labels: where “Accounting”; Security Encryption; all services; where deployed on .NET app servers; Logging; Load-Bal Weighted]
Can manage system on “autopilot” where policies are automatically assigned as appropriate.
Eliminates production mistakes by reducing manual steps.
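
A minimal sketch of the profile-based approach on this slide, in which each policy carries a where clause over service attributes and assignments are recomputed when attributes change. This is an added example, not code from the presentation or from any AmberPoint product; the `Policy` and `Provisioner` classes, the attribute keys, the policy names and the pairing of each policy with a clause are assumptions.

```python
# Added example: attribute-driven ("where clause") policy assignment.
# Service names, attribute keys and policy names are constructed for illustration.
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set

Attrs = Dict[str, str]
REQUIRED = ("application", "container", "stage")  # attributes the clauses read


@dataclass
class Policy:
    name: str
    where: Callable[[Attrs], bool]  # predicate over a service's attributes


@dataclass
class Provisioner:
    policies: List[Policy]
    services: Dict[str, Attrs] = field(default_factory=dict)
    assigned: Dict[str, Set[str]] = field(default_factory=dict)

    def upsert(self, svc: str, **attrs: str) -> Dict[str, Set[str]]:
        """Register or update a service, reevaluate, return the assignment delta."""
        before = self.assigned.get(svc, set())
        self.services.setdefault(svc, {}).update(attrs)
        current = self.services[svc]
        after = {p.name for p in self.policies if p.where(current)}
        self.assigned[svc] = after
        return {"added": after - before, "removed": before - after}

    def unclassified(self) -> List[str]:
        """Services missing an attribute: a clause may silently skip them."""
        return sorted(s for s, a in self.services.items()
                      if any(k not in a for k in REQUIRED))


def build_demo() -> Provisioner:
    prov = Provisioner(policies=[
        Policy("security-encryption", lambda a: a.get("application") == "Accounting"),
        Policy("logging", lambda a: a.get("container") == ".NET"),
        Policy("sla-alerting", lambda a: a.get("stage") == "production"),
        Policy("load-balance-weighted", lambda a: True),  # all services
    ])
    prov.upsert("s1", application="Accounting", container="WebLogic", stage="production")
    prov.upsert("s2", application="OrderEntry", container=".NET", stage="staging")
    prov.upsert("s3", container="WebLogic")  # discovered, not yet classified
    return prov


if __name__ == "__main__":
    demo = build_demo()
    print(demo.assigned, demo.unclassified())
    print(demo.upsert("s3", application="Accounting", stage="production"))
```

The `unclassified` check covers the failure mode of this design: a newly discovered service with no `application` attribute matches no security clause, so it runs without encryption until someone classifies it.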
Business System Validation: Distributed Components and Reuse Puts Business Systems at Risk
Impact of any change ripples throughout the system
Real impact of planned changes is hard to predict
Impact of unplanned or unannounced changes can be devastating
Yet, most SOA environments find it impossible to set up and replicate all dependent systems for testing elsewhere
And, new use and reuse creates blind spots in preproduction procedures
[Diagram labels: “Approved”; Design; Development; QA; Development; Staging; Production; Process Engine; Service Bus]
Need to Validate Integrity of the Entire System Before Installing Changes
Validate Impact on Dependent Systems
[Diagram labels: Development; Staging; Production; Process Engine; Service Bus]
The “Preflight Check” for SOA Systems
Validation Checklist
• Security Policies Functioning
• Unexpected Deviation for B2B Partner Usage
• WS-I Compliant
• Capacity Adequate
Acceptance testing of pending changes to SOA environment
• New Versions of Services
• Policy Changes
• Bug Fixes
• Infrastructure Patches, etc.
Uses knowledge of dependencies and observed interactions
Simulates services that can’t be replicated in pre-production environments
• External services
• Fee-based services
Gives Staging and Operations a final check before deploying changes