taw opening session

APIs for the digital service ecosystem Michel Burger Chief Architect R&D Distinguished Engineer [email protected]

Upload: michel-burger

Post on 05-Dec-2014

Category:

Technology


DESCRIPTION

Multiple presentations done during Team Action Week in Baltimore (June 24-26 2013).

TRANSCRIPT

Page 1: Taw opening session

APIs for the digital service ecosystem

Michel Burger

Chief Architect R&D

Distinguished Engineer

[email protected]

Page 2: Taw opening session

Confidentiality level on slide master

Most Requested API by startups

1. Provisioning

2. Identity

3. Charging

4. User Validation

5. SSO

Page 3: Taw opening session

Type of Back End Services

Services that run on top of:

• No integration

• Commercial agreement (ex: pre-embedded client)

• Operated externally

Services that run better with:

• Multi level of integration (light to deep)

• Commercial agreement (ex: charge to bill)

• Generally operated externally

Services that are running by:

• Deep integration

• Product or work package done by vendor or internally developed

• Generally operated internally

Differentiation Potential Revenue

Intrinsic Drive and Incentive

Strategic Choice

Page 4: Taw opening session

Level of Integration for Back End Services

[Figure labels: 1 to 5; α, β, γ, δ; Basic Enabler; Access; Vodafone Identity; SSO; Federated; User Profile; CRM; REST; Analytics; Cloud; System Mgmt; User Experience; System Integration; Run on top of; Run better with; Running by]

Charge to bill: To get money from people who don’t have a bank account

Store usage: Strong brick and mortar presence in many countries

Page 5: Taw opening session

Pillars for a proper internet service platform

• Infrastructure abstraction: to go beyond virtualization to provide services with a set of APIs on how to consume basic resources (Storage, Computing, Queueing, Network)

• Identity Management: to provide open standards (OpenID, OAuth) to deal with identity and authorization by interacting with different legacy systems

• Profile Management: to make sure that all data resources are linkable and discoverable

• Transaction Management: to provide the infrastructure to deal with distributed transactions for operations like user lifecycle

• High Performance IO Management: to handle real-time and near-real-time distributed event management for services

• Analytics: to make sure that every service generates data and there is a way to extract value from that data

• Exposing service APIs in the proper context: services are about APIs and not just end-to-end experience:

– Device Management

– Connection Management

– User Profile

– User Services

Device as a service

User as a service

Page 6: Taw opening session

Working on the API for Management

1. Shared resources and representation

2. Share attributes

3. Service management

Page 7: Taw opening session

Q&A

mic[email protected]@gmail.com

frogburger.blogspot.com

Page 8: Taw opening session

Detailed view of the architectural components

Page 9: Taw opening session

Identity Management: Single Sign On

Responsibilities

• Allows customers to log in to services using their operator username / password

• Provides a common interface for all services, with re-use for new services as they arise, i.e. build once and use many

• Enables click-through support between services without signing in again

• Makes use of existing operator systems – development is all undertaken by top level, with support from operators.

• Services integrate to a single gateway

• This in turn is integrated to each operator SSO system

• Customer can use their username to access

[Diagram: Service 1, Service 2 … Service n integrate to the Top Level SSO Gateway, which is integrated to OpCo 1 SSO … OpCo n SSO and other OpCo SSO systems; label: OpCo_username]

Page 10: Taw opening session

Profile Management: Resource Discovery

[Diagram labels: Client (Internal, 3rd party); Resource Discovery; Customer Registry; Service 1 … Service n]

Responsibilities:

• Indicates the location of user’s disparate data resources

• Combines multiple resources into one view of data across multiple systems 

• Enables geo-distribution of resources

• Enables scalability by spreading resources across distributed nodes

• Enables classes of service and data availability (e.g. VIP users)

Provides data integrity for a system based on distributed or 3rd party components

Page 11: Taw opening session

Transaction Management: User Lifecycle Management

Responsibilities

• Manages complex transaction of user provisioning (Creating, Updating and Deleting user)

• Provides consistent way to manage the user lifecycle across internal and external services

• Provides unified set of API on user lifecycle operations for customer support services

Provides system integrity for a system based on distributed or 3rd party components

[Diagram labels: User Lifecycle Management; SSO; Customer Registry; Resource Discovery; Service 1 … Service n; Client Registration; Customer Service]

Page 12: Taw opening session

Infrastructure

Page 13: Taw opening session

Electricity production and consumption

Collocation

Centralization of production

Decentralization of consumption

Mass distribution of production and consumption

Collocation is back

Dam used as cheap storage

Page 14: Taw opening session

Core Computing (storage, execution ..) production and consumption

Disconnected computing

?

Cloud Computing

Operator Network

Page 15: Taw opening session

The threat: the OTT View

Modern data centers are an extensive network of blades that expands within the data centre or between data centres. Each blade is remotely controlled to dynamically manage the forwarding plane.

For economy of scale, this network needs to be inexpensive, agile, elastic and controlled by the application layer using SDN/OpenFlow.

The device is becoming yet another blade (with constraints (power, bandwidth)).

To expand the data center as a network of blades, new blades have been added. Originally these blades had a specific purpose of improving traffic flow and latency.

CDN Node

CDN optimizer

Gateway/appliance are installed on premise

Home Gateway

Enterprise Gateway

Hardware abstraction

• Network elements should run using commoditized hardware

• Network becomes elastic

Forwarding plane remote access

• Clear separation between the control plane and the data plane

• Application layer to control the forwarding plane

• Can be implemented natively or as an overlay

Google Akamai

Google, Apple: TV

Amazon: Streaming

Google: openflow technology in android

Oracle: control of the Java virtual machine

Operator Network

Network of blades

Page 16: Taw opening session

The threat: the OTT View

CDN Node

Enterprise Gateway

Modern software services are made of distributed elements (pieces of software logic and data) that are accessible through APIs. These elements can be instantiated on different blades or can migrate from blade to blade (liquid services).

These software services can use or migrate to remote blades to offload centralized data center blades and to improve the user experience.

• OTT surround or populate our network to create an overlay network of service elements

• High-level control information (routing, flow optimization data), inter-element information and service data are going through tunnels to optimize traffic, offload workload, execute service logic

• Our network has zero visibility of these three types of information

We are being pushed down to just become one of the forwarding plane tunneling signalling from the device to a massively distributed controller

Cloud elasticity, Caching

Google desktop, CDN Caching, Facebook desktop UI, Chrome, Kindle

Modern data centers are an extensive network of blades that expands within the data centre or between data centres. Each blade is remotely controlled to dynamically manage the forwarding plane.

To expand the data center as a network of blades, new blades have been added. Originally these blades had a specific purpose of improving traffic flow and latency.

Home Gateway

Network of blades

Page 17: Taw opening session

The threat: The Network View (with a network approach)

Confining SDN to just address the cost (CAPEX and OPEX) reduction by creating a virtualized and agile network

Abstracting the hardware of network elements gives the ability to use commodity hardware (CAPEX reduction)

Network needs to be software programmable and controllable to automate the management (OPEX reduction)

Implementing SDN in the network

• Create a cheaper and more agile network

• Does not change the status quo but distracts operators from the real issues

SDN solves the problem “du jour” of reducing cost, similar to IMS a few years ago with the problem “du jour” of accelerating service innovation, while OTT by using SDN will accelerate their ability to deliver innovative services

Page 18: Taw opening session

The opportunity: The Network View (with an IT approach)

Enterprise Gateway

Home Gateway

A lot of raw storage and computing power is locked in proprietary solutions, which makes the network an IT no man’s land

Abstracting the hardware of network elements enables the ability to expose them as IT resources

Network needs to be software programmable and controllable to allow quick access to the resources

Implementing SDN in the network

Implementing on-premise (home/enterprise) gateways as IT resources allows us to extend our reach

• Edge (one hop away) IT resources to handle low-latency user solutions are more viable than devices as IT resources

• Complementary to the other IT resources

We are part of the computing supply chain providing specific IT resources only network operators can implement and we have visibility of inter-service element traffic

Edge IT Resources

Edge IT Resources

Edge IT Resources

Core IT Resources

Software services can be distributed at the edge or within the network either for minimizing the latency of the user experience or optimizing the centralized data center load

Operator Network

Page 19: Taw opening session

Core Computing (storage, execution ..) production and consumption

OTT view

Disconnected computing, Cloud Computing, Massively distributed computing

We are pushed down to just become one of the forwarding plane

Network of blades

Operator Network

Operator Network

Page 20: Taw opening session

Core Computing (storage, execution ..) production and consumption

Network View (with an IT approach)

We are a complete part of the computing supply chain providing one hop away computing resources

Network of blades

Operator Network

Disconnected computing Cloud Computing Massively distributed computing

Page 21: Taw opening session

What we could do and how?

• Leverage the network to become a massively distributed data center and partner with cloud IT resource providers (like Amazon) to create a continuum of IT resources from the back end to the device with a strong de facto standard

– Accelerate migration to general purpose hardware, increase virtualisation in the network controllable by the software layer and implement IT abstraction using de facto standards leveraging Hybrid Cloud Broker

• Implement on-premise (home/enterprise) gateways as IT resources to expand reach

– Promote the deployment of home/enterprise gateways with specific purpose as dedicated solutions and as IT resources

• Provide network edge IT resources to mobile solution developers for unmatched user experience (<1ms latency) and ability to offload back end data center: Edge cloud (one hop away IT resources)

– End user device as an IT resource has many constraints (power, bandwidth (cost and availability)) which don’t exist on network edge IT resources. Accelerate the introduction of edge network elements as IT resources, develop Network API.

– Developers are already creating elastic solutions using de facto standards, this is just a distributed extension of elasticity

• Improve our influence and steer Open Network Foundation (IT lead) and OpenDaylight (Network lead) initiatives, educate developers by pushing our system expertise to create manageable

Page 22: Taw opening session

Analytics

Page 23: Taw opening session

Gold mining is about dirt management

0.05 ounces/ton

Page 24: Taw opening session

About 11850 Amps to generate around 8.4 Tesla fields (about 150000 times the earth magnetic field) but they operate at low Voltage

A lot of what LHC is about is electricity flow management

Page 25: Taw opening session

How BIG?

BIG data is like the LHC combined with gold extraction

- Huge amount of data -> 6.6 Zettabytes/year by 2016 (Cisco Cloud Index)

- Big flow of data -> 400TB/day (Facebook)

- LHC generates 10-15 Petabytes/year of data for each experiment

Page 26: Taw opening session

The essence of new service providers

[Diagram labels: User; Service; Data; Consumes; Produces; Improves experience; Core Semantic; Data Set; Mindmap]

Many free services

One data set and common semantic

The more context the more efficient and the more value

Value enriched Data generates revenue

Example: Search/Information Management :

Rated auction/Selling:

BI Based Revenue Models (eg Advertisement)

Revenue from existing services will shrink

Additional revenue from new services

Page 27: Taw opening session

Classic Approach

• Structured Data

• Data in the range of Gigabytes to Terabytes

• Centralized (Data is imported in analytics)

• Batch based

• Data silos

[Diagram labels: Transaction; Relational Database; ETL (three times); Data Warehouse; Analyze]

Where is the data that answers my questions?

Page 28: Taw opening session

Big Data Approach

• Multi Structured Data

• Data in the range of Terabytes to Petabytes

• Distributed/Federated (Analytics grab the data)

• Streaming based

• Holistic Data

[Diagram labels: Sources 1, 2, 3 … n; Stream; Organize; Analyze; Clusters]

Here are the questions and the data for the answers

Page 29: Taw opening session

A new pattern

[Diagram sections: Sources; Stream; Consumption API. Axis labels: Non Real-time / Real-time; Low level Semantic / Rich Semantic; Cheap Storage / High Efficient Storage]

Sources: Data card, Sim Card, Content Services, Knowledge, References, Applications, Social Networks, Connected Things (Consumer, Enterprise), Connected Devices, Network Core, IT Infrastructure, RAN, Premise Gateway

• Many different data structures

• Many different ways to extract the data

• Many different locations (even for the same type of data)

• Batch and Realtime based

• Buffered or stream

• Correlation parameters

• Buffering, Routing, Filtering

• Structured/Unstructured store

• Event Collector

• Batch Process/Multi Structure Stream

• Multi Stage Store/Process

Consumption: Report, Statistics, Data as a Service, Graph Network/Analysis, Neural Network/Analysis

• Structured Buffering

• Proprietary

• Graph

• Neural Network

• Relational

• Unstructured Buffering

• Streaming

• Tapping at Source

• Tapping on Stream

• Consumption to Source

Page 30: Taw opening session

With added security

[Diagram sections: Sources; Stream; Consumption API]

Sources: Data card, Sim Card, Content Services, Knowledge, References, Applications, Social Networks, Connected Things (Consumer, Enterprise), Connected Devices, Network Core, IT Infrastructure, RAN, Premise Gateway

Consumption: Report, Statistics, Data as a Service, Graph Network/Analysis, Neural Network/Analysis

• Securing the infrastructure (public, private)

• Policy (internal/external)

• On-going assessment (DDOS, Penetration …)

• Data leakage

• Migration

• Securing the identity

• Validating ID

• Anonymization

• Securing the access

• Distributed permission/preference

• 3rd party permission

• Strong access control based on industry standard (user, dev, application)

• Strong authorization control based on open standard

• Analytics applied to Analytics

Page 31: Taw opening session

Device as a Service

Page 32: Taw opening session

Device Management

[Diagram labels: Device Virtualization; Device; Connected Device; Managed Device; Device as a Service; Network Stack; Management Agent; Service Platform; Services; Local rep of remote service (twice); The new device (twice)]

• Discovery, Security, Messaging, Protocol, End Point Abstraction

• Device Capabilities, Device Profile, Service Enablement

• Billing, Provisioning, Cloud Services, Content based..

• Local Applications, OS, Hardware (processing/storage/io)

• Device Model, Data Abstraction, Data rendering, Service experience

Device as a Service

The binding between the device as a service and a cloud service can be anywhere on the following spectrum: from downloading an application in the device to having a description (html5 based) of what the interaction should look like pre-rendered in the device proxy.

[Diagram labels: Atomic Service; Composite Service; Network App; 3rd party; Identity; Local app; Update; Composition; Device as a service (twice); Connection; Device Proxy; Device]

Each step from device to device as a service implies an add-on on the physical device.

Page 33: Taw opening session

API Exposure

Page 34: Taw opening session

[Diagram: API exposure. Questions on the vertical axis:]

• What type of API?

• Which channel is used to distribute the API?

• Who as developer will use the API?

• What developer do with the API?

• How is it presented?

• Who is the end customer?

Back end service API (Normalized APIs, Common Enablers, Partners API)

Specialized API (API to focus on a specific client). Eg: Mobile API, Web API …

Customized API (API created for a specific partner). Eg: Apple, Google…

SDK (Code that hides the API for a specific platform). Eg: Eclipse Plug-in, Mobile device SDK (Apple, Android…)

OTT API: OTT may also develop a mobile/web app to present directly to the end user or distribute the API via the appropriate API channel

[Other diagram labels: Work Package; API Aggregator; Via API optimization; Via API adaptation; Raw Exposure; Portal; Aggregator; Service Provider; Redistribution; Standard Environment; 3rd party; Product; Opco (three times); OTT; Service; Service Bundle; Mashup Application; Web App; App Store; Packaged Product; Enterprise; Consumer; Web Developer; OTT Service Developer; Mobile Developer; Device Developer; B2B Service Provider; Developer; Long Tail; Short Tail; Charge to bill for; Custom Code; Internal program for API normalization]