taw opening session
DESCRIPTION
Multiple presentations done during Team Action Week in Baltimore (June 24-26 2013).
TRANSCRIPT
APIs for the digital service ecosystem
Michel Burger
Chief Architect R&D
Distinguished [email protected]
Confidentiality level on slide master
Most Requested API by startups
1. Provisioning
2. Identity
3. Charging
4. User Validation
5. SSO
Services that run on top of
Services that run better with
Services that are running by
Type of Back End Services
No Integration. Commercial Agreement (ex: pre embedded client). Operated externally.
Multi level of integration (light to deep). Commercial Agreement (ex: charge to bill). Generally operated externally.
Deep integration. Product or work package done by vendor or internally developed. Generally operated internally.
Differentiation Potential Revenue
Intrinsic Drive and Incentive
Strategic Choice
Basic Enabler
Access
Levels: 1 2 3 4 5; α β γ δ
Vodafone Identity
SSO, Federated User Profile
CRM
REST
Analytics
Cloud
System Mgmt
User Experience
System Integration
Run on top of
Run better with
Running by
Charge to bill: to get money from people who don’t have a bank account
Store usage: strong brick and mortar presence in many countries
Level of Integration for Back End Services
Pillars for a proper internet service platform
• Infrastructure abstraction: to go beyond virtualization to provide a service with a set of APIs on how to consume basic resources (Storage, Computing, Queueing, Network)
• Identity Management: to provide open standards (OpenID, OAuth) to deal with identity and authorization by interacting with different legacy systems
• Profile Management: to make sure that all data resources are linkable and discoverable
• Transaction Management: to provide the infrastructure to deal with distributed transactions for operations like user lifecycle
• High Performance IO Management: to handle real-time and near-real-time distributed event management for services
• Analytics: to make sure that every service generates data and there is a way to extract value from that data
• Exposing service APIs in the proper context: services are about APIs and not just the end-to-end experience:
– Device Management
– Connection Management
– User Profile
– User Services
Device as a service
User as a service
Working on the API for Management
1. Shared resources and representation
2. Share attributes
3. Service management
Q&A
[email protected]@gmail.com
frogburger.blogspot.com
Detailed view of the architectural components
Identity Management: Single Sign On
Responsibilities
• Allows Customer to login to Services using their Operator username / password
• Provides a common interface for all Services, with re-use for new services as they arise, i.e. build once and use many
• Enables click through support between services without signing in again
• Makes use of existing Operator systems – development is all undertaken by top level, with support from Operators.
• Services integrate to a single gateway
• This in turn is integrated to each operator SSO system
• Customer can use their username to access
Service 1 Service 2
Opco 1 SSO
Opco n SSO
Other OpCo SSO
Top Level SSO
Gateway
OpCo_username
Service n
Profile Management: Resource Discovery
Service 1
Customer Registry
Service n
…
Client (Internal, 3rd party)
Resource Discovery
Responsibilities:
• Indicates the location of user’s disparate data resources
• Combines multiple resources into one view of data across multiple systems
• Enables geo-distribution of resources
• Enables scalability by spreading resources across distributed nodes
• Enables classes of service and data availability (e.g. VIP users)
Provides data integrity for a system based on distributed or 3rd party components
Transaction Management: User Lifecycle Management
…
User Lifecycle Management
Responsibilities
• Manages complex transaction of user provisioning (Creating, Updating and Deleting user)
• Provides consistent way to manage the user lifecycle across internal and external services
• Provides unified set of API on user lifecycle operations for customer support services
Provides system integrity for a system based on distributed or 3rd party components
SSO
Customer Registry
Resource Discovery
Service 1
Service n
Client Registration
Customer Service
Infrastructure
Electricity production and consumption
Collocation
Centralization of production, decentralization of consumption
Mass distribution of production and consumption
Collocation is back
Dam used as cheap storage
Core Computing (storage, execution ..) production and consumption
Disconnected computing
?
Cloud Computing
Operator Network
The threat: the OTT View
Modern data centers are an extensive network of blades that expands within the data centre or between data centres. Each blade is remotely controlled to dynamically manage the forwarding plane.
For economy of scale, this network needs to be inexpensive, agile, elastic and controlled by the application layer using SDN/OpenFlow.
The device is becoming yet another blade (with constraints: power, bandwidth).
To expand the data center as a network of blades, new blades have been added. Originally these blades had a specific purpose of improving traffic flow and latency.
CDN Node
CDN optimizer
Gateways/appliances are installed on premise
Home Gateway
Enterprise Gateway
Hardware abstraction
• Network elements should run using commoditized hardware
• Network becomes elastic
Forwarding plane remote access
• Clear separation between the control plane and the data plane
• Application layer to control the forwarding plane
• Can be implemented natively or as an overlay
Google, Akamai
Google, Apple: TV
Amazon: Streaming
Google: OpenFlow technology in Android
Oracle: control of the Java virtual machine
Operator Network
Network of blades
The threat: the OTT View
CDN Node
Enterprise Gateway
Modern software services are made of distributed elements (pieces of software logic and data) that are accessible through APIs. These elements can be instantiated on different blades or can migrate from blade to blade (liquid services).
These software services can use or migrate to remote blades to offload centralized data center blades and to improve the user experience.
• OTTs surround or populate our network to create an overlay network of service elements
• High-level control information (routing, flow optimization data), inter-element information and service data are going through tunnels to optimize traffic, offload workload, execute service logic
• Our network has zero visibility of these three types of information
We are being pushed down to just become one of the forwarding planes, tunneling signalling from the device to a massively distributed controller
Cloud elasticity, Caching
Google desktop, CDN Caching, Facebook desktop UI, Chrome, Kindle
Home Gateway
Network of blades
The threat: The Network View (with a network approach)
Confining SDN to just addressing cost (CAPEX and OPEX) reduction by creating a virtualized and agile network
Abstracting the hardware of network elements gives the ability to use commodity hardware (CAPEX reduction)
Network needs to be software programmable and controllable to automate the management (OPEX reduction)
Implementing SDN in the network
• Creates a cheaper and more agile network
• Does not change the status quo but distracts operators from the real issues
SDN solves the problem “du jour” of reducing cost, similar to IMS a few years ago with the problem “du jour” of accelerating service innovation, while OTTs, by using SDN, will accelerate their ability to deliver innovative services
The opportunity: The Network View (with an IT approach)
Enterprise Gateway
Home Gateway
A lot of raw storage and computing power is locked in proprietary solutions, which makes the network an IT no man’s land
Abstracting the hardware of network elements makes it possible to expose them as IT resources
Network needs to be software programmable and controllable to allow quick access to the resources
Implementing SDN in the network
Implementing on premise (home/enterprise) gateways as IT resources allows us to extend our reach
• Edge (one hop away) IT resources to handle low latency user solutions are more viable than devices as IT resources
• Complementary to the other IT resources
We are part of the computing supply chain, providing specific IT resources only a network operator can implement, and we have visibility of inter-service element traffic
Edge IT Resources
Edge IT Resources
Edge IT Resources
Core IT Resources
Software services can be distributed at the edge or within the network, either for minimizing the latency of the user experience or optimizing the centralized data center load
Operator Network
Core Computing (storage, execution ..) production and consumption
OTT view
Disconnected computing, Cloud Computing, Massively distributed computing
We are pushed down to just become one of the forwarding plane
Network of blades
Operator Network
Operator Network
Core Computing (storage, execution ..) production and consumption
Network View (with an IT approach)
We are a complete part of the computing supply chain, providing one hop away computing resources
Network of blades
Operator Network
Disconnected computing Cloud Computing Massively distributed computing
What we could do and how?
Confidentiality level in footer | 10 April 2023
• Leverage the network to become a massively distributed data center and partner with cloud IT resource providers (like Amazon) to create a continuum of IT resources from the back end to the device with a strong de facto standard
– Accelerate migration to general purpose hardware, increase virtualisation in the network controllable by the software layer and implement IT abstraction using de facto standard leveraging Hybrid Cloud Broker
• Implement on premise (home/enterprise) gateways as IT resources to expand reach
– Promote the deployment of home/enterprise gateways with specific purpose as dedicated solution and as IT resources
• Provide network edge IT resources to mobile solution developers for unmatched user experience (<1ms latency) and ability to offload back end data center: Edge cloud (one hop away IT resources)
– End user device as an IT resource has many constraints (power, bandwidth (cost and availability)) which don’t exist on network edge IT resources. Accelerate the introduction of edge network element as an IT resource, develop Network API.
– Developers are already creating elastic solutions using de facto standard; this is just a distributed extension of elasticity
• Improve our influence and steer Open Networking Foundation (IT lead) and OpenDaylight (Network lead) initiatives, educate developers by pushing our system expertise to create manageable
Analytics
Gold mining is about dirt management
0.05 ounces/ton
About 11850 Amps to generate around 8.4 Tesla fields (about 150000 times the earth magnetic field) but they operate at low voltage
A lot of what LHC is about is electricity flow management
How BIG?
BIG data is like the LHC combined with gold extraction
- Huge amount of data -> 6.6 Zettabytes/year by 2016 (Cisco Cloud Index)
- Big flow of data -> 400TB/day (Facebook)
- LHC generates 10-15 Petabytes/year of data for each experiment
The essence of new service providers
Service
Data
Consumes
Produces
Improves experience
Many free services
One data set and common semantic
The more context, the more efficient and the more value
Value enriched data generates revenue
Example: Search/Information Management :
Rated auction/Selling:
User
BI Based Revenue Models (eg Advertisement)
Core Semantic Data Set
Mindmap
Service
Service
Revenue from existing services will shrink
Additional revenue from new services
Classic Approach
• Structured Data
• Data in the range of Gigabytes to Terabytes
• Centralized (Data is imported in analytics)
• Batch based
• Data silos
Transaction
Relational Database
Data Warehouse
Analyze
Where is the data that answers my questions?
ETL, ETL, ETL
Big Data Approach
• Multi Structured Data
• Data in the range of Terabytes to Petabytes
• Distributed/Federated (Analytics grab the data)
• Streaming based
• Holistic Data
Sources: 1, 2, 3, n
Organize, Analyze
Stream
Clusters
Here are the questions and the data for the answers
A new pattern
Consumption API
Data card
SIM Card
Content Services
Knowledge
References
Applications
Social Networks
Connected Things (Consumer, Enterprise)
Connected Devices
Network Core
IT Infrastructure
RAN
Premise Gateway
• Many different data structures
• Many different ways to extract the data
• Many different locations (even for the same type of data)
• Batch and Realtime based
• Buffered or stream
• Correlation parameters
• Buffering, Routing, Filtering
• Structured/Unstructured store
• Event Collector
• Batch Process/Multi Structure Stream
• Multi Stage Store/Process
Non Real-time
Real-time
Low level Semantic
Rich Semantic
Cheap Storage
High Efficient Storage
Report Statistics
Data as a Service
Graph Network/Analysis
Neural Network/Analysis
• Structured Buffering
• Proprietary
• Graph
• Neural Network
• Relational
• Unstructured Buffering
• Streaming
• Tapping at Source
• Tapping on Stream
• Consumption to Source
Sources
Stream
With added security
Sources
Consumption API
Data card
SIM Card
Content Services
Knowledge
References
Applications
Social Networks
Connected Things (Consumer, Enterprise)
Connected Devices
Network Core
IT Infrastructure
RAN
Premise Gateway
Report Statistics
Data as a Service
Graph Network/Analysis
Neural Network/Analysis
• Securing the infrastructure (public, private)
• Policy (internal/external)
• On-going assessment (DDoS, Penetration …)
• Data leakage
• Migration
• Securing the identity
• Validating ID
• Anonymization
• Securing the access
• Distributed permission/preference
• 3rd party permission
• Strong access control based on industry standard (user, dev, application)
• Strong authorization control based on open standard
• Analytics applied to Analytics
Stream
Device as a Service
Device Management
Device Virtualization
Device
Connected Device
Managed Device
Device as a Service
Network Stack
Management Agent
Service Platform
Services
…
Discovery, Security, Messaging, Protocol, End Point Abstraction
Device Capabilities, Device Profile, Service Enablement
Billing, Provisioning, Cloud Services, Content based..
Local Applications, OS, Hardware (processing/storage/io)
Device Model, Data Abstraction, Data rendering, Service experience
Local rep of remote service
Local rep of remote service
The new device
Device as a Service
The binding between the device as a service and a cloud service can fall anywhere on a spectrum, from downloading an application in the device to having a description (HTML5 based) of what the interaction should look like pre-rendered in the device proxy.
Atomic Service
Composite Service
Network App
3rd party
Identity
Local app
Update
Each step from device to device as a service implies an add-on on the physical device.
Composition
Device as a service
Connection
Device Proxy
Connection
Device
API Exposure
Work Package
API Aggregator
Specialized API (API to focus on a specific client). Eg: Mobile API, Web API …
SDK (Code that hides the API for a specific platform). Eg: Eclipse Plug-in, Mobile device SDK (Apple, Android…)
Via API optimization
What type of API?
Which channel is used to distribute the API?
Raw Exposure
Portal, Aggregator, Service Provider
Redistribution
Standard Environment
Via API adaptation
Customized API (API created for a specific partner). Eg: Apple, Google…
Who as developer will use the API?
Back end service API (Normalized APIs, Common Enablers, Partners API)
3rd party
Product
Opco, Opco, Opco
What developer do with the API?
OTT
Service
Service Bundle
Mashup Application
How is it presented?
OTT API
OTT may also develop a mobile/web app to present directly to the end user or distribute the API via the appropriate API channel
Web App
App Store
Who is the end customer?
Packaged Product
Enterprise, Consumer
Web Developer
OTT Service Developer
Mobile Developer
Device Developer
B2B Service Provider
Developer
Long Tail
Short Tail
Charge to bill for
Custom Code
Internal program for API normalization