349 76 4MB
English Pages 52 Year 2006
THEWORLD’SLEADINGMAGAZINEDEDICATEDTOWEBSERVICESTECHNOLOGIES Visitusatwww.WebServices.SYS-CON.com
JUNE2006/VOLUME:6ISSUE6
B���g��g���e��c��v��y B���g��g���e��c��v��y ��Web�e�v�ce� ��Web�e�v�ce�
U���gAJAX
M�k��g��ucce���u� M�k��g��ucce���u�
�OAT������������� B���g��g�OA����e B���g��g�OA����e
M�������e
�����������������
����������������������������� N! TIO RA ���������������������������� IST �� G � RE ��� RD ����4 � ��������������� -BI �� RLY ���� ����� EA
���
�
�����
Altova® XMLSpy® 2006 – The industry standard XML development environment.
Bring your
development plans to light Sneak a peek at XMLSpy ® 2006, and see how essential it is to master XML. Revealed in XMLSpy 2006 Release 3: �
Superior error messaging with dynamic hyperlinking
�
New XSLT 2.0 and XQuery profilers
�
Powerful trace points for XSLT debugging
�
Innovative restriction handling in XML Schema design Altova® XMLSpy, the industry standard XML development environment, is indispensable for modeling, editing, transforming, and debugging XML-related technologies. Illuminate your strategy with the world's leading XML editor, the original graphical schema designer, a code generator, file converters, debuggers, profilers, support for XSLT, XQuery, WSDL, SOAP, and a wealth of brilliant XML utilities and enlightened usability aides. Become a markup mastermind! Download XMLSpy® 2006 today: www.altova.com
XMLSpy is also available as part of the award-winning Altova XML Suite. Microsoft, Visual Studio, and .NET are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries.
JUNE2006/VOLUME:6ISSUE6
TABLEOFCONTENTS VisitusonlineatWebServices.SYS-CON.com
InsideThisIssue SOA
�� Raghu Anantharangachar
T�eA�����e�v�ceO��e������� M��e���������������e��ec��ve
FROMTHEEDITOR
����ec�(��g)����� BySeanRhody
.....................................................................................
7
INDUSTRYCOMMENTARY
UD��’�De���y�� ByAjitSagar
.....................................................................................
8
STRATEGIES
M�������e���OA� T�ePe���eE��ec� H�w������y��������eex�e������ �e��u�ce����ew���d���OA
�4
ByRobertMorris
................................................................................ PRODUCTREVIEW
M��d�ee��OAP�c��e�e�ve� T�e���ed�����bu�eddeve����e��e�v�����e��
�8
ByBrianBarbash
................................................................................ INTEGRATION
INTEGRATION
��
TieuLuu, RiadAssir,and SandeepMaripuri
�OAD��������egy
V��������ucce���u��OA��������������
Leve��g��gg�OAP��� Leg�cy�y��e�����eg������ T�e�OA�ev��u�������g�e��e�
34
ByJamesCaple
................................................................................ NETWORKING
T�eBu���e��Be�efi���� ����ed�e�v�ce������OA O�g���z����������eg����������ug�� �e�v�ce��e�w��k��g������c� ByFrankMartinez
38
................................................................................ XML
XQue�y:A�6��Deg�eeV�ew BPD
3� StuartBurris
�eve��ye��e��������duce� dec������veXML���ce����g���gu�ge ByDr.DanielaFlorescu
44
................................................................................ AJAX
B���g��g���e��c��v��y��Web �e�v�ce�U���gAJAX T�ecu��e������u���Web�����c������ ByManivannanGopalanandMohitChawla
48
................................................................................
T�eEv��u�������OA� B���g��g�OA����e��������e www.WSJ2.com
SOA
�OA��dU�e����e���ce� T�eb���c�
ByDavidS.Linthicum
��
................................................................................
June20063
so a m a k e y o u r ^ s e c u r i t y m o v e s w i s e ly. . .
web services diagnostics
web services firewall
vulnerability containment service
soa security gateway
Putting together the pieces for the world’s most demanding SOA security systems
Forum Systems Enterprise SOA Security Solutions: • t r u st e d s oa m i d d l ewa r e • w e b s e rv i c e s s ec u r i t y • x m l acc e l e r at i o n w
w
w
.
f
o
r
u
m
s
y
s
t
e
m
s
.
the leader in web services & soa security
c
o
m
FROMTHEEDITOR www.Web�e�v�ce�.�Y���ON.c��
�NTERNAT�ONALADV��ORYBOARD ��������������������������������������������������� ������������������������������������������������������� ����������������������������������������������
TE�HN��ALADV��ORYBOARD
Collect(ing)Calls WRITTENBYSEANRHODY
�����������������������������������������������������
ED�TOR�AL Ed�����������e� �������������������������
XMLEd���� ����������
��du���yEd���� ��������������������������������
P��duc�Rev�ewEd����
��������������������������������
.NETEd����
������������������������������
�ecu���yEd����
������������������������������������
Re�e��c�Ed����
������������������������������������
Tec���c��Ed�����
�������������������������������� ��������������������������������������� ����������������������������� ������������������������� ��������������������������
���e���������Tec���c��Ed���� ������������������������������
Execu��veEd����
�������������������������������
O����eEd����
�������������������������������
PRODU�T�ON ARTD�RE�TOR
��������������������������
A��O��ATEARTD�RE�TOR� ������������������������������ ������������������������������� ��������������������������
WR�TER��NTH�����UE ��������������������������������������������������������������� ��������������������������������������������������������� ������������������������������������������������������������� ����������
ED�TOR�ALO����E� ������������ �����������������������������������4� ������������������������������������ �����������������������#���������� �������������������������������� �������������������������� ������������������������� ��������������4��������������������������s �������������������������������� ������������������������������������������� �����������������������������������4�
©�OPYR�GHT
���������©���������������������������������������������������������������������������� ������������������������������������������������������������������������������������������� �������������������������������������������������������������������������������������������������� ������������������������������������������������������������������������������������������������ ������������������������������������������������������������������������������������������� ����������������������������������������������������������������������������������������������� ��������������������������������������������������
�
’msittingintheairport,waitingformyend-of-weekflight,andlisteningtothelatest securitycontroversy.Apparentlythegovernmenthascompiledadatabaseofphonerecordsaspartoftheirfightagainstterrorism–thetheorybeingthatbyanalyzingthecall patternsandusingsomesocialengineering,theymightbeabletoidentifyterroristactivity. Ihavenoideaifthisislegalornot,butcertainlyit’ssomethingIneverexpectedwhileI wasusingmyphone.Isuspectthatmanypeoplebesidesmeexpectedtheircommunicationstobeconfidential.Apparentlythephonecompaniesfeltthatwasnotthecase. Afewmonthsago,abankthatIdobusinesswithlostatapewithallsortsofpersonal informationpertainingtoitscustomers.Theylaterrecoveredthetape,butnotbeforethey’d hadtosendoutanotetoallofuslettingusknowouridentitieswereinjeopardy. Sadly,thesearejustsomeoftheproblemsthatpresentthemselvesinthewiredworld. They’renotevenexamplesofmaliciousbehavior(Igivethegovernmentthebenefitofthe doubt);they’rejustthingsthathappeninthecourseofdoingbusiness,orrunningthecountry. Whiletheseincidentsdon’tpertaindirectlytoWebservicessecurity,ortosecuringanSOA,theycertainlyillustratethecomplexityof theproblemandtheseriousnessoftheissues. SecurityisafundamentalITissue,onethathasbeengrowingin complexityanddifficultysincetheinventionofthenetworkcard. Weallhaveinformationthatisimportanttous,andkeepingthat informationprivateissomethingweexpectfromtheorganizations thatweshareourinformationwith. SOAandWebservicesprovideeaseofcommunicationand mechanismsforwidespreaddistributionofapplicationfunctionality,oftenoutsidetheboundariesoftheenterprise.Manybusinessto-consumersites,forexample,provideWebservicesinterfacesto dothingslikebidonanauctionorpurchaseanitem.Duringthe transaction,sensitiveinformationistransmitted. It’sourexpectationthatthisinformationwillbeprotected,bothwhenthetransactionoccursandinthefuture.Thisrequiressecurityinmanyareas.Duringthetransaction,establishingasecuredconnectionandprotectingtheinformationtransferfromsnoopingeyes iscritical.OncetheinformationisinsideacompanythatemploysanSOAinfrastructure tosupportitsapplications,it’scriticalthatallavenuestothatinformationbesafeguarded aswell.Thisincludesprotectingdatabasesfromattacks,aswellasensuringthataccessto allofoursensitiveinformationisbothcontrolledandmonitored,sothattheclassicdisgruntledemployeeorcorporatespycannotsimplysiphonoffallofourinformationtosell tocriminals.Thisisnotaneasytask,andthevariouslegislativeprogramssuchasHIPPA, whichrequiresprivacyforhealthrecords,canmakethetaskevenmorechallenging. There’sabalancetoo,betweenprivacyandefficiency.Yes,I’dlikemydoctorstobeable toseemyrecordsinanemergency,butatthesametime,I’mnotsureIwantmyinsurancecompanytobeabletodothesamething.Withoutquestion,creatinganintelligent approachtoinformationsecurityisacomplextask.Dataneverreallydisappearsonceyou provideittoanothersource–andwehavetoallrealizethatprovidinginformationmay haveconsequencesthatweneverimagined.Wehavearesponsibilityaswelltobediligent andtonotallowsocialengineeringandInternetscamstotakeusin.Responsibilitystarts withus,andextendstothepeoplewetrustwithourinformation. OurfocusinthisissueisonSOAandWebservicessecurity.Thisisalwaysanimportant topicand,certainlyinlightofrecentevents,oneofinteresttoallofuswhoworkininformationtechnology. AbouttheAuthor SeanRhodyistheeditor-in-chiefofSOAWebServicesJournal.Heisarespectedindustryexpertandaconsultantwitha leadingconsultingservicescompany.[email protected]
www.�Y���ON.c��
June20067
INDUSTRYCOMMENTARY
UDon’tDeployIt
www.Web�e�v�ce�.�Y���ON.c��
�ORPORATE P�e��de����d�EO
WRITTENBYAJITSAGAR
�
fewyearsago,whenWebservicesstartedoutasabuzzwordintheenterprise,the wholeparadigmwasassociatedwith(andstillis)associatedwiththreeconcepts –SOAP,WSDL,andUDDI.Now,whenenterprisesareputtingWebservicesintoproduction,youwillmostlikelyseetwooutofthethreestakesbeingdrivenintotheground, butIhaveyettoseeanyrealadoptionofthe“dynamic”partofanyWebservicesimplementation.Webservicesaretakingrootasaveryfeasibleplatformforachievingserviceorientation(nottheonlyplatform,mindyou),butnoneoftheclientsthatIhaveinteractedwith haveanyplantoadoptaUDDI-basedserviceregistryinthenearorlongterm. W3CdefinesaWebserviceas“asoftwaresystemidentifiedbyaURI,whosepublicinterfacesandbindingsaredefinedanddescribedusingXML.Itsdefinitioncanbediscovered byothersoftwaresystems.Thesesystemsmaytheninteractwiththe WebserviceinamannerprescribedinitsdefinitionusingXML-based messagesconveyedoverInternetprotocols.”Ironically,thedefinition doesnotmentionWSDLasthemandatedstandardfordefiningand describingtheWebservice,SOAPastheXML-basedmessageformat, orUDDIasthemeansof“discoveringthedefinition.”Theonlythings mandatedbythedefinitionistheusageofXML.However,asweknow, thestandardWebServicesArchitecturespecificationassumesSOA, WSDL,andUDDI.Thedefinitionandprotocolaspectsaredefinitely standardizedandbeingdeployedinenterpriseapplications.However, thediscoveryaspectstillremainsapieintheskyasfarasitsactualapplicationintheenterpriseisconcerned. WebservicesisaplatformforachievingSOA.Inordertohavereusableservices,a component/servicerepositoryisaveryvaluableartifact.However,apublicrepositorythat canbeusedbymultiplepartiestolocateuniversallyavailableservicesacrossdistributed locationsisstillabitofanoverkillintheindustrytoday.UDDIisnotnecessaryforcategorizingservices.Dynamicdiscoveryandbindingareveryinterestingconcepts,untilthey areactuallyappliedtothewaybusinessestoday,andintheforeseeablefuture,willinteract withotherbusinesses. Whiletheconceptualization,development,deployment,andmaintenanceofubiquitous yellowpagesisinherentlycomplex,Idon’tthinkthatisthecruxoftheproblem.Thebottom lineisthatyouactuallyneedaviablebusinessmodeltoapplythetechnologytoo.Thinkof ourevolutionfromRPCtoCORBA,toRMI(inJava)toWebservices.Dynamicinvocation hasalwayshadthe“coolness”factortoit,buthasneverreallyfoundahomeinprevalent businessmodels.AfewyearsbackwhenallofusweredrinkingtheKool-Aidanddreaming aboutpublicmarketplaceswhereparticipantsofalllevelscouldparticipateinatransaction,thewholeconceptofmulti-party,multi-transactionalarchitecturesdidn’treallytake off.Thiswasnotafailingintechnology.Itwasafailingintheapplicationofviabletechnologytoanon-existentbusinessmodel.Howcouldpartiesconductingserioustradeputtheir trustincompanieswhowereheretoday,butmaybegonetomorrow? UDDIseemstoinasimilarsituation.Wehavealongwaytogobeforetransactions,based onarandomsearch,canbeconductedwithoutaformallyestablishedtrustrelationship betweentwoparties.Intheend,transactionsareconductedbetweenaconsumerandasupplier,andthesetwopartiesestablishrelationshipswellinadvancebeforeexchanginggoods. Onadifferentnote,ifyouarealookingforagoodbookthatdiscussesWebservicesfrom severalperspectives,checkoutPerspectivesonWebServicesbyZimmerman,Tomlinson, andPeuser.Areviewisavailableonmybloghttp://ajitsagar.javadevelopersjournal.com. AbouttheAuthor AjitSagarisaprincipalarchitectwithInfosysTechnologies,Ltd.,aglobalconsultingandITservicescompany.Ajithasbeen workingwithJavasince1997,andhasmorethan15yearsexperienceintheITindustry.Duringthistenure,he’sbeena programmer,leadarchitect,directorofengineering,andproductmanagerforcompaniesfrom15to25,000peopleinsize.Ajit hasservedasJDJ’sJ2EEeditor,wasthefoundingeditorofXMLJournal,andhasbeenafrequentspeakeratSYS-CON’sWeb ServicesEdgeseriesofconferences,JavaOne,andinternationalconference.Hehaspublishedmorethan125articles.
����������������������������
G��u�Pub����e� ������������������������������
ADVERT���NG �e����VP,���e�&M��ke���g ��������������������������������
VP,���e�&M��ke���g
�������������������������������
Adve������gD��ec���
���������������������������
Adve������gM���ge�
���������������������������
A���c���e���e�M���ge��
����������������������������
�Y���ONEVENT� A���c���eEve��M���ge� ����������������������������
�U�TOMERRELAT�ON� ���cu�������e�v�ce����d������ ��������������������������������
�Y���ON.�OM VP������������y��e�� �������������������������������
WebDe��g�e��
����������������������������������� �����������������������������
A��OUNT�NG �����c���A���y�� ��������������������������
Acc�u���P�y�b�e
���������������������������
Acc�u���Rece�v�b�e
���������������������������
�UB��R�PT�ON� ��������������������� ������������������������������ ����������������������������������������� ��������������������������������������������� ���������������������� ���������������������������� ����������������������� ��������������������������� ������������������������ W���dw�deNew�����dD�����bu����: �������������������������������������� ��������e���������������: ��������������4��������4�����������������������������; ��������������4��������������������������������������� �������������������������������������������������� ����������������������������������������������� ������������������������
[email protected] www.�Y���ON.c��
8June2006
BPEL is the SQL of SOA
Get started building next-generation SOA applications with the leading vendor of BPEL technologies
Download BPEL tooling & server software today
������������������
activeBPEL BPEL consulting, certification and training. BPEL design tools, servers and source code for Eclipse, Apache Tomcat, JBoss, WebSphere, WebLogic, BizTalk and Microsoft .NET. Copyright 2006 Active Endpoints, Inc. All Rights Reserved. All product names are trademarks or service marks of their respective companies.
SERVICE-ORIENTED ARCHITECTURE
TheArt
ofService Orientation
Morethanoptimalisineffective WRITTENBYRAGHUANANTHARANGACHAR
ServiceOrientedArchitecture(SOA)referstoanarchitectural solutionthatcreatesanenvironmentinwhichservices,service consumers,andserviceproducersco-existyethavenodependenceoneachother.SOAenablesanenterprisetoincreasethe loosecouplingandthereuseoffrequentlyusedsoftwareassets. Thesesoftwareassetstogetherwiththefunctionalitythatthey providearecalledservicesinSOAterminology.BynatureSOAs aretypicallyappliedtosolutionswithhighlyvolatilerequirements.
�
nthisarticletheemphasiswillbeonhowtoapplyservice orientationtosolveaproblemattheenterpriselevelandhow todecidehowmuchserviceorientationis“optimal.”Theword optimalmeansthepointofmaximumpay-offfortheinvestment specifiedandimpliesthatoncethatoptimalpointiscrossedeither thereturnoninvestmenttendstodroporthereturndoesn’tgrow proportionatetotheinvestment. Herewe’llattempttoindicatesomekeypointsthatcanbeusedin makingdecisionsabouthowmuchserviceorientationisoptimal.
10June2006
SOASolutionOverview AnSOAsolutionreferstoasolutionbuiltusingSOAconceptsand torealizeaSOAsolutionit’snecessarytomapthearchitecturetoan implementationusingaspecificsetoftechnologies/products/platforms.Aswithanyothersolution,aSOAsolutionischaracterized byasetofmandatory(andoptional)components.(SeeFigure1for themaincomponentsofanSOAsolution.) AcompleteSOAsolutionconsistsofthesemaincomponents: • Producer:Aproducerisanentitythatoffersaspecificserviceor functionality.Aproducerusuallyregistersthefunctionalitythatit providesandtheinterfacethathastobeinvokedtomakeuseof theserviceintherepository. • Consumer:Aconsumeristheentitythatmakesuseoftheservice offeredbytheproducer.Aconsumerlooksuptherepositoryand identifiesthedetailsabouttheserviceincludingtheinterface.It theninvokestheserviceusingtheappropriateinvocationmechanism. • Service:Aserviceistheentitythatdoesaspecifictaskwheninvoked.Italwaysdoesthesametaskregardlessofhowit’sinvoked. It’sprovidedeitherbyabusinessprocessorasetofbusiness activitiesrealizedusingaprogramminglanguage. • Contract:Acontractoraninterfacespecifiestheformatinwhich thedataisprovidedtotheservicetodoaspecifictask.Italso identifiestheinvocationmechanismtoinvoketheservice. • Repository:Arepositoryisaglorifiedversionoftheregistryand includesthemetadatarelevanttothesolution,namelytheservice,servicecontract,data/objectmodel,andsoon.Arepository
www.WSJ2.com
storesthedetailsabouteveryservicethatcanbeinvokedand thedetailsabouthowtoinvokeitwhichincludestheinterface details,invocationmechanism,andsoon.
ProblemDescription SOAismakingbigstridesintoeverycompanyandpenetrating intoeverybusinessinsomewayortheother.Whiletheanalyst forumsarefocusedonevolvingthebenefitsofSOAfromabusiness perspective,standardsbodiesareinvolvedinevolvingthestandardsneededbySOAtobuildanopenarchitecturethatstandardizesSOAsolutionsacrossallindustries.Thishasresultedinevery companybeingpushedto“assimilate”SOAinits“blood”anduse SOAasauniversalphenomenon.Inotherwords,everycompany takesprideinusingSOAineverycommunication,everynewsletter,everyproject,andsoonwithoutmakingaconsciousdecision abouthowmuchis“enough.”Thissituationcanleadtoacompany over-investinganddilutingtheSOAconcept.Itcanpotentially impactboththecompanyandtheSOA.Asaresult,it’sverylikely thatthecompanymight“burnthrough”itsfinancesorattribute itsfailuretoSOA.Soit’snecessarytounderstandhowmuchSOAis optimalanddecidewhereSOAshouldandshouldn’tbeused.
SOAImpactZones SOAtypicallycoversallaspectsofanenterprisewhenappliedin full.Thoughit’slikelythateverycompanymaynothavereached thematurityofapplyingSOAtoallitsdepartments,ourfocusison theServiceOrientedEnterprises(SOEs)thatuseSOAbroadly.Some ofthekeyimpactzonesincludethefollowing:
2.ArchitectureZone Thearchitecturezoneimpliesalltheaspectsofthetechnicalarchitecturethat’spartoftheSOAsolution.Thisincludesthevarious viewsofthearchitectureitselflikethebusinessview,technicalview, implementationview,functionalview,supportview,andsoon. TheseviewshelpdefineacompletesystemthatcansupportSOA. Thiszonecanbeclassifiedintothefollowingsub-zones:
Providers Providersaretheassetsthatprovideaspecificfunctionality.It’s necessarytodecidehowmuchproviderfunctionalityhastobe automated.Aswewouldallagree,everyenterpriseshouldhave anevolutionschemethatwouldinitiallystartwithamanualset ofprocesses,technology,andsolutionsthatwouldgraduateinto asemi-manual(partiallyautomated)setofprocesses,technology, andsolutions.It’sonlywithrepetitiveuse–andagainstspecific requirements–thatacompanyshouldconsiderautomation.Itmay beperfectlyfinetoleavespecificfunctionalityasamanualtask. Forexample,inthecaseofmobileoperators,itmightbeokayto automateonlytheprovisioningprocesses,butleavetherollback processesasmanualtasksfortheoperatortodo.Theamountof investmentrequiredtoautomatetheserollbackprocesseswouldn’t resultinaproportionatepay-off.
Producer
1.ProgramGovernanceandManagementZone Anenterprise’sprogrammanagementandgovernancegroupsare definitelyimpacted.Inthiscontext,it’sgoodtounderstandwhat thefunctionsofthesegroupsare.Keyfunctionsincludeproviding astrongrulesbasefortheSOAprogramandsupportintermsof definingthehierarchyofmanagementstaff,theirroles,responsibilities,interactionswithothermanagementstaff,andsoon.In thiscontext,it’snecessarytousecertainmanagementmodels(like patternsinthesoftwareindustry)todefinethefunctionalityclearly. Thetendencyistohavea“fully”automatedgovernancesystemin place(typicallycallede-governance)thatcanaddressandsupport SOA’sdeploymentintheenterprise. Thefollowingpointshelpidentifythelevelofautomationrequiredwhileworkingoutagovernancebodyforanenterprise: • Thesizeoftheenterprise.Howbigistheorganization?Thisisa keyquestiontobeposedbeforeworkingoutahugegovernance program.IfSOAcoverageissmall(say,lessthan20people)then itmakessensetohavemanualprocesses.It’swidelybelievedthat automationonlymakessenseinhugeorganizationssinceautomationrequiresahugeinvestment. • ThenumberofSOAdeployments.HowmanySOAdeployments willtheprogramgovernancecover?Ifthereareonlyfewprojects (saylessthanfive)thenitprobablymakessensetousemanual processes. • FutureplansandforecastingforSOAgrowth.WhatistheprojectionforfutureSOAgrowthandexpansion?ThisisanotherimportantpointtokeepinmindwhiledecidingontheSOAgovernance panel.However,rememberthatprojectionsdon’tnecessarily materializeandevenifthefutureseemsbright,it’sbettertomake provisionforadditionalgrowthinthegovernancepaneland processes,butnotnecessarilyinvestinit.
www.WSJ2.com
Integration
Repository
Consumer
Figure1:SOAsolutioncomponents
Sometipsinclude: • Howmuchproviderfunctionalityisgoingtobereused externallyandsoexternallypublished?Forexample,while buildinganinventorymodelingapplication,wemightwantto exposeonlythecoarse-grainedproviderfunctionslikecreate_ a_dsl_model_in_inventoryanddecidetokeepalltheinternal atomicfunctionsusedtocreatethemodelasinternal(likethe create_a_dsl_equipment,create_a_port,enable_a_portand soon).Withthisstep,it’spossibleto“balance”thenumberof interfaces/servicesexposedoutsideandthosethathavetobe internal. • Howmuchproviderfunctionalityisinternalbutusedinother applicationsandsohastobeinternallypublished?Inthis case,theinternalfunctionsareaggregatedandinaggregating themwewouldhavetoinvoketheinternalfunctions.When doingthis,wemightwanttocreateinternalorlocallyshared functionalityandmakeitavailabletootherinternalfunctionsor applications.
June200611
SERVICE-ORIENTED ARCHITECTURE
• Howmuchofproviderfunctionalitywon’tbereusedorislegacy andsodoesn’trequireloosecouplingresultingindirectinterfaceinvocation?Tounderstandthispoint,it’snecessarytoknow howmuchoftheproviderfunctionalityisbeingdevelopedfrom scratchandhowmuchisbeingreusedfromotherapplications (whicharelegacy).Legacyfunctionalityisn’ttypicallyattempted forfurtherbreak-upsinceittakesmoretimeandefforttore-engineer,andre-engineeringdoesn’tguaranteethesamebehavior andperformance.So,itmightbenecessaryto“wrap”thelegacy functionalitywithaSOA-basedproviderandexposeonlythefinal aggregatedfunctionalitytotheoutsideworld.Theotherprovider functionalitydoesn’thavetobelooselycoupledand,infact,can remainmonolithic. • Howmuchproviderfunctionalityreallyrequiresautomation?AcriticaldecisioninbuildingaSOAsystemistodecide howmuchautomationis“required”or“enough.”Forexample, consideranetworkprovisioningscenarioneedingasoftware componentthathastoconfigurespecifichardware(probably routers)andenablecertainportssothetrafficflows.Inthis scenario,it’spossibletodevelopbusinessprocessesorwrite code(usingalanguagelikeJava)thatcanestablishthesession withthehardware,talktothehardware,provisionthecustomer/service,andconfigurethehardware.Whiledoingthis,oneof
Consumers EveryconsumerinaSOAcontextdoesn’thavetobeanautomatedprogramorabusinessprocess.Theconsumerforaspecific servicecanbeahumanoperatorwhowouldrunaspecifictooland invoketheservicemanually.Someofthekeydecisionpointsinthis contextareasfollows: • Howmuchconsumerfunctionalityneedsexternallyoffered functionality?Andhowmanyoftheseexternalfunctionscould change(eitheroftheservicecontractorinterfacecontract)and requirearegistrylookup?Howmuchoftheconsumerfunctionalityrequiresexternal(B2B)interfacing?Theconsumerfunctionalitythatdoesn’trequirearegistrylookupdoesn’thavetobevery flexible.Inotherwords,itcanchoose“tightcoupling”resultingin betterperformance. • Howmuchofconsumerfunctionalityrequiresinternalfunctionality,butisusedinotherapplicationsandsohastobeinternally published? • Howmuchofconsumerfunctionalityisn’tgoingtobereusedor islegacyanddoesn’trequireloosecoupling,resultingindirect interfaceinvocation? • Howmuchconsumerfunctionalityreallyrequiresautomation? • Howmuchconsumerfunctionalitycanbeorhastobemanual dependingoneitherpay-offorthedifficultyofautomation?
It’s important to figure out how much service orientation is ‘optimal’ because once the optimal point is crossed the return on investment drops or the return doesn’t grow proportionate to the investment thestepsmightfailandrequirearollback.Therollbackpolicy woulddecidehowtherollbackshouldbedone.Therollback policywouldspecifyatwhatpointsintheprocesstherollback wouldbedone(rollbackgates)andwhattherollbackgranularityis(forexample,doallthestepshavetoberolledback oronlyafewselectedblockofsteps).Inthiscase,it’spossible todeveloptherollbackcomponentsinthebusinessprocess, however,theytendtobeoverlycomplexandrequirealotofeffort(relativetotheeffortspentindevelopingtheprocessitself ), sincetheprocesseshavetocheckthecontextinwhichthefailureoccurredandtrytorestoretheoriginalcontext.So,itmakes moresensetonotifytheoperatorwhenafailurehasoccurred andprovidemanualinterventiontofixtheproblemandleave therollbackpathcompletelymanual. • Howmuchproviderfunctionalitycanbeorhastobemanual dependingoneitherthepay-offordifficultyofautomation?The essentiallessonisthatautomationisn’tapanaceaforeveryproblem.Whileautomationcanprovideaddedsupporttoincrease productivitywhenusedwithduediligence,itcanbeoverkillin scenariosthatrequirelogicandreasoningandspanmultiple subsystems.Forexample,itmightbeveryhard,ifnotimpossible,todeveloparollbackprocesswhenmultiplesubsystemsare involved,sincetheprocesshastocheckandrollbackthestatesof eachoftheproductsinvolved.Thisassumesthateachandevery subsystemdothesame.
12June2006
Services Servicesareanyfunctionalityprovidedbyaprovidertoaconsumerfollowingclassicaldefinitions.It’susualpracticetorealize theseservicesusingeithersoftwareassets(orcode)orbusiness processes.It’salsopossiblefortheseservicestobeleaf-level (atomicservices)orcomposite(oraggregateorgroupofleaf-level services). Someoftheimportantpointsinthisregardareasfollows: • Howmanyserviceshavetobeautomated? • Howmanyservicesarenecessarilymanual(dueeithertothedifficultyofautomationorthecomplexityinvolvedinautomating themorduetoleavingthemmanualsincetheyaren’t“infocus” orkeyservices)? • Howmanyservicesareexpectedtobecalledfromoutside(B2B services)andhavetoberegisteredonexternalregistrieslike UDDI? • Howmanyservicesareexpectedtobecalledfromtheintranet andhavetoberegisteredintheinternalorcorporateregistry? • Howmanyservicesdon’thavetobereusableorarelegacy,and aremeantonlyforinternalconsumption.Theseservicescan bemadedirectlyinvocablewithoutacompleteregistrylookup optimizingperformance. • Howmanyserviceshavetobedevelopedusingcodeandhow manyusingbusinessprocesses? • Whataretheservicediscoverymechanisms?Isitnecessaryto
www.WSJ2.com
SERVICE-ORIENTED ARCHITECTURE
supportonlyregistrylookuporisitalsonecessarytosupportadvertisingandusetheprotocolforservicediscovery?Useadvertisingandacceptanceonlywithexternalservices. • Useconsequentialservicesortime-boundserviceswherepossible. Thisreducestheloadontheregistryandimprovesperformance.
Business Precesses and Best Practices Applications
Registry/Repository • Isitnecessarytosupportaninternalregistry? • Isitnecessarytoincludeinterfacesintheexternalregistry? • Whatisthestructureofthemetadata?Byidentifyingthebasicinformationstructureoperatedtogether,it’spossibletoarriveatasuitable granularityforthemetadata.Forexample,ifit’snecessarytooperate onthecustomerasanentitywithalltheassociatedattributes,it’spossibletoincreaseperformance,butitwouldimpactgranularity. • AregistrytypicallystoresalltheinformationrelevanttotheSOA implementation–frombasicinterfacecontractdefinitionsto moresophisticatedmeta-servicetemplates.Thefollowingprovidesomedecisionpointsinthisprocess: >Thefirststepisidentifyingthedatathathastobestoredinthe repository. >Whichinterfacecontractshavetobeglobalandsogointothe globalrepositoryandwhichinterfacecontractshavetobelocal andgointothelocalstore? >Doestheinterfacecontractcomplywithanystandards? >Doestheinterfacecontractsupportadvertisingandaccepting? Forexample,ifaspecificproviderprovidesan“advertising” mechanismforservicediscovery,doestheinterfacecontract supportthescheme?Aretheadvertisingandacceptingmechanismsvalidatedfor“clearrequirements”orisitpossibletouse directinvocationforsuchservicesaswell?
Broker • Doweneedabroker?Howmuchmetadatahastobestoredand accessedfromthebroker?Ifthereareonlyafewservices,itmay beagoodideatouseahomegrownbrokerorasimpleregisterlookupbroker.However,iftherearelotsofservices,itmaybe necessarytouseastandardbroker.Thesophisticationofthe brokerdependsonthenumberofservices,amongotherthings.
IntegrationMedia • Whatistheintegrationmedia?Dowereallyneedasophisticated ESB?CanwemakedowithsimpleOpenSourcemiddlewareor canweusesimplehomegrownmiddleware?Thesearesomeof thequestionsthathelpinidentifyingthelevelofsophistication requiredintheintegrationmedia. • Whatisthelevelofsecuritytobesupported? EvenifweusehttpoverLAN,wecanstillcomplywithSOA principles,it’sjustamatterofbusinessrequirement.SOAdoesn’t mandateanyspecificintegrationmedia.
MaturityofanOrganizationversusSOA Thematurityofanorganizationisusuallymeasuredinitsperformanceagainstaspecificsetofgoals.Thesegoalsarebusiness driversthathelpindefiningthescopeoftheorganizationalfocus, whichisalwaysonmeetingbusinessgoalsandincludes,amongthe otherthings,increasingprofitsandreducingrisks. So,tocomplywiththematuritymodelsexistingintheindustry,it’s necessaryforanorganizationtomeetsomeoralloftheSOAprinciplesinsuchawayastomaximizeitsapplicabilitytothebusiness.
14June2006
Infrasturcture Figure2:SOAsolutionview
AswecanseeinFigure2,theSOAsolutionconsistsofmultiple components–aninfrastructurelayer,asetofapplications,asetof businessprocesses,andbestpractices.ThoughexpertiseinSOA architectureisthefoundationoftheoverallsolution,theother components,namelythebusinessprocessexpertiseandapplicationsexpertise,areabsolutelyrequiredtoarriveatanend-to-end solutiontotheproblemathand. Aswecansee,thematurityofanorganizationisreflectedinthe effectivenesswithwhichitmeetsitsgoals,andsoincreasesitsprofits andreducesitsrisks.Maturitycan’tbeinferredbyactivityperse,butit canbeinferredinthewayanactivityisdone.However,it’snecessary tokeepinmindthatthesetofactivitiesneededtomeetbusinessgoals arealwaysspecifictotheorganizationandspecifictoeveryenterprise. Onceanorganizationhasstateditsgoals,plans,andactivities,maturityisthemeasureofhowwelltheseactivitiesaredone. Inthiscontext,wehavetokeepinmindthateverybusinesshasto alignitsbusinessgoalswithitsITcapabilities.Evenasmallteashop hastodobusiness-ITalignment,andevenahugeorganizationdoes thesamebusiness-ITalignment.However,asmallorganization canusemanualprocesses(thatmayormaynotbedocumented/ standardized)andahugecorporationcanusealotofautomated processes.Todecidewhichcompanyismoremature,it’snecessaryto weightheexecutionofthebusinessactivitiestomeetthegoalsinthe contextofthesizeofthebusiness.Agoodmaturitystudymayconcludethatasmallcompanywithafewemployeesisbetteralignedto SOAthanahugecorporationwithlotsofemployees. Onemustalsokeepinmindthateveryhugecorporationisthe resultofasustainedexistenceinbusiness,improvingonitselfyear afteryear.Abigmoderncorporationwasonceasmallcompany. HencetherulesforSOAmaturityshouldbeinterpretedinthelight ofthesizeoftheorganization,thedocumentedbusinessgoalsor practices,andexpectedfutureplans.
Summary Intoday’scontext,it’sgoodtounderstandclearlywhatSOAcando andwhatitis.Andit’smoreimportanttounderstandhowmuchSOA isenoughforagivenorganization.Inotherwords,theoptimumapplicationofSOAcanresultinenormoussavingsandreturnforanorganization.Beyondtheoptimumpoint,anySOAapplicationwould onlybringlimitedresults.Weattemptedtothrowsomelightonsome oftheimportantfactorstobeconsideredinmakingthisdecision. AbouttheAuthor RaghuAnantharangacharisaseniorsolutionarchitectwiththeHewlettPackardGlobal DeliveryIndiaCentre,Bangalore.HeisassociatedwiththeSOACenterofExcellence,andas welltheTechnologyInnovationLeadershipGroupatHP.Raghuhasabachelor’sdegreein computerscienceandengineeringfromBangaloreUniversityandamaster’sdegreeinindustrialmanagementfromtheIndianInstituteofScience,Bangalore.
www.WSJ2.com
INTEGRATION
SOA DataStrategy VitaltoasuccessfulSOAtransformation WRITTENBYTIEULUU,RIADASSIR,ANDSANDEEPMARIPURI
TheadoptionofServiceOrientedArchitecture(SOA)promisestofurtherdecouplemonolithicapplicationsbydecomposingbusinessfunctionsandprocessesintodiscreteservices. Whilethismakesenterprisecomputingassetsmoreaccessible andreusable,SOAimplementationpatternsareprimarilyan iterationoverpreviousapplicationdevelopmentmodels.Like mostapplicationdevelopmentevolutions,SOAapproaches injectmorelayersandflexibilityintotheapplicationtier,but haveoftenneglectedthemostfundamentalbuildingblockof allapplications:theunderlyingdata.
CurrentDataEnvironmentofMostITOrganizations
�
heconditionofatypicalorganization’sdataenvironmentis usuallynotwhereitneedstobebeforetheorganizationcan beginaSOAtransformation–fromanenterpriseperspective, there’softenalackofauthoritativesourcesandawidearrayoftechnologiesusedforstoringandprocessingdata.Generally,there’sno singlesystemthatoffersacompleteviewoftheorganization’score businessobjects,sincemostlargeITorganizationshavetheircore enterprisedataspreadoutandreplicatedacrossmultiplestovepipedsystems.Eachsysteminanenterpriseoftenmaintainsdata
16June2006
withinitsspecificcontextratherthanthecontextoftheenterprise. Dataqualityandinteroperabilityissuesabound,especiallywhen data-consumingsystemsaccessavarietyofdata-producingsystems,eachofwhichmaintainsanisolatedviewofenterprisedata. Thesedifferencesleadtoinconsistenciesandinaccurateviewsof thebusinessprocesses.Figure1illustratesthesedataaccessand managementchallengesimpactingSOAtransitioninitiatives. AnSOAtransformationamplifiesandexacerbatesanorganization’sexistingdataproblems.Becauseoftheintegratednatureof SOA-basedapplications,anorganizationwillbebuildingontop ofaveryweakfoundationunlessitfirstaddressestheissueswith itscurrentdataenvironment.Thisis,inmanyways,analogousto constructingahigh-risebuildingontopofalandfill. Considerthelackofauthoritativeenterprisesourcesasanillustrativeexample.Supposethatinanorganization’ssupplychainsystems’ portfoliotherearefivesystemsthatholdsupplierinformationinternally.Eachofthesecanbeconsideredalegitimatesourceofsupplier datawithintheowningdepartment.Whenbuildingaservicetoshare supplierdata,whereshouldthesourceofsupplierdatabe? • Oneofthefivecurrentsystemsthathavetheirowncopyofthe supplierdata?Ifso,whichone? • Anewdatabasethat’screatedforthisspecificpurpose?Howdoes thisdatasourcerelatetotheexistingsources? • Doesdatahavetocomeconcurrentlyfromallofthefivedatabases? Eachofthesesolutionshastheirprosandcons;there’snoright orwrongapproach.Thepointisthatthesedataissuesmustbe resolvedbeforeanimplementationteamcanproceed.Bythetime theimplementationteamtakesoverandbeginsbuildingtherequisiteservicesandinfrastructurethesekindsofquestionsshouldbe
www.WSJ2.com
answeredalreadybytheorganizationatthebusinesslevel.Unless theyarethesedataissueswilloftenperpetuateandhamperthe benefitsofcreatingservicesthatsharedata.Inotherwords,aservicemayendupsharinganincompletesetofdataor,worse,exhibit incorrectbehaviorbecauseit’snotworkingwiththe“right”data.
TargetVisionofDataEnvironmentinaSOA Thewayanorganizationthinksaboutapplicationsanddata mustevolve–itmuststopthinkingaboutdataasasecond-class citizenthatonlysupportsspecificapplicationsandbegintorecognizedataasastandaloneassetthathasbothvalueandutility. Organizationsshouldestablishtheirdataenvironmentswith“hubs ofspecificdatafamilies”thatexposedataservicesthatcomplywith industrystandardsandservicecontracts.Thegoalistocreateaset ofservicesthatbecomestheauthoritativewaytoaccessenterprise data.Inthistargetservice-orientedenvironment,applicationsand dataworktogetheraspeers.Thus,bothanorganization’sbusiness functionalityanddatacanbeleveragedasenterpriseassetsthatare reusableacrossmultipledepartmentsandlinesofbusiness.This targetvision,illustratedinFigure2,enablesthefollowingdesired characteristicsoftheenterprise’sdataenvironment: • Singlelogicalsourcesfromwhichtogetacompleteviewofthe enterprisedataobjects • Increasedawarenessoftheprofileandcharacteristicsofthedata intheenterprise • Improveddataqualityacrosstheenterprise • Enforceddatastandardsbyusingadataserviceslayer • Datathat’sclearlyvisibleandreadilyaccessible • Reducedrelianceoncustominterfacesandproprietaryformats • Clearlyidentifiedauthoritativedatasourcesthatareeffectively usedthroughouttheenterprise • Securitythat’s“bakedinto”thesolution,andnotanafterthought • Datathat’seasilydiscoverablebypotentialconsumersacrossthe organization
theyseefitandthesechangescanrippleacrossotherdivisionsand ultimatelyimpacttheinteroperabilityoftheenterpriseasawhole. Withoutadefinitionofenterpriseownershipandstewardship ofthedatacontrollingsuchchangesaredifficult.SoanSOAdata strategyshouldincludeestablishinganenterprisedatamanagementfunctionasthedatagovernancemechanism.Acentralized managementfunctionisneededtotreatdataasanenterprise assetinsteadofastheassetsofindividualdepartments.Thegroup responsibleforthisfunctionaddressesdataissuesandestablishes policiesandprocessesthatcutacrossmultipledepartments.The responsibilitiesofsuchagroupshouldinclude: • Definingtherolesandresponsibilitiesofdataproducersanddata consumersacrosstheenterprise • Decidingtheissueofdatastewardship—“who’sinchargeof managingthisparticulardatafamily?” • Vettingandinstitutionalizinglogicalandphysicalmodels • Establishingpoliciesandcomplianceguidelinesforadheringto datastandardschosenbytheenterprise • Mandatingtheuseofspecificschemasastheformatforexchangingcoreenterprisedata • Establishingprocessesforexceptions,changestostandards,versioncontrolofmodels,andchangingcontrolprocedures • Mandatingtheuseofspecificservicesasauthoritativesourcesfor thedataobjects/familiesthattheyserve.
TYPICALDATAENVIRONMENTINALARGEORGANIZATION
SOADataStrategy Acomprehensivestrategythatdefineshowtheenterprise’sdata shouldbemanagedinanSOAenvironmentisneededtoachieve thetargetvision.Thisstrategyaddressesissuessuchasdatagovernance,datamodelingfromanenterpriseSOAperspective,data quality,security,andtechnologysolutionssuchasdataservices.
DataGovernance Governanceisoftencitedasanimportant partofSOA.However,thisgenerallyrefersto thegovernanceofservicesandnotthedata sharedthroughservices.JustaspropergovernanceofservicesiscriticaltoanSOA,proper governanceofthedataisequally,ifnotmore important.Manyoftheproblemsassociated withanorganization’sdataenvironmentcan’t besolvedthroughtechnologysolutionsalone. Decisionsandpoliciesmustbeissuedatthe organizationallevelthatcanthenbeimplementedthroughthetechnology.Forexample, theabsenceofanenterprisedataownership conceptisaclassicdatagovernanceissue. Differentdivisionsinanorganizationcontrol thedatawithintheirownsystemboundaries.Theycanmakechangestothatdataas
www.WSJ2.com
Figure1:WeakdatafoundationforaSOA
Figure2:TargetvisionforaSOAdataenvironment
June200617
INTEGRATION
EnterpriseDataModels Torealizethetargetdataenvironment,someagreementisneeded aboutwhichcoredataelementsandstructuralbusinessrulesare representedbythoseservicesaccessingthem.Whileit’spossibleto implementservicesontopofthecurrentdatasourcesbyleveragingtheexistingdatamodelsinthosesystems,thisisnotoptimal. Suchanapproachwillcontinuetoproliferatenon-authoritativedata sources,eachwithitsownmodeldesignedtosupportspecificneeds withoutenterprise-levelconsistency.Whencreatingtheenterprise datamodels,anorganizationmustshiftawayfrommodelingthe datafromasystems-onlyperspective.Inotherwords,theorganizationmustlookatthedatafamiliesthemselvesandfocuslessonthe detailsofthespecificapplicationsthatareusingthem. Howdoesanorganizationmakethisshift?First,itmustdecide onits“core”datafamilies,whicharesometimesalsoreferredtoas “master”data.Coredataisrelativelyeasytodeduce,givenageneral understandingofthekeybusinessprocesses.Forexample,the “supplier”datafamilyinasupplychainbusinesscouldbeconsideredcoredata.Whileitmaybetemptingtomodeleverycoredata familyinfulldetail,itmaybewisertoidentify“agoodfirstset”and beginwiththat.Agoodapproachistosimplytackletheobvious coredatafamiliesfirst,learnfromtheexperience,andthenapply thoselessonslearnedtomodeltherestofthedata. Next,theenterprisemodelmustdecidewhichdataelementsare strategicforoperational,reporting,andaccountabilitypurposes, andwhicharerelevantonlytooneorseveralsubsetsofthebusiness.Commonstrategicdatashouldbethoughtofasthesubsetof fieldsthatanyapplicationthatusesthisdatafamilycanfullysupport.Alltheotherdataattributesshouldbeconsidered“optional,” evenifthey’recriticaltocertainapplications.Inthesupplychain example,“supplierperformance”isn’tpartofthecoredatabutit maybecriticaltooneortwosystemsintheorganization.Since theenterprisedatamodelisapplicabletotheentireorganization, thestandardwouldalwaysexpectthecoredatatobeprovided.It shouldalsogiveeachsystemtheflexibilitytobeextendedwithadditionaldatathat’srelevanttoitsownpurpose.
TechnicalConsiderations SOAimplementationsusuallyexhibitdecentralizedfederatedtopologies.Sotheabilitytomergedataproperlyandenableauthorized enterprise-wideaccessarenecessarytoensurethatinformationcan beleveragedtosupportenterpriseobjectives.Enablingthesecapabilitiespresentsnumerouschallengesintheareasofdataquality,security, andthedataservicesarchitecture.Thenextsectionsdescribesomeof thesechallengesandproviderecommendationsforaddressingthem.
DataQuality SOAinitiativesoftenfocusontheimplicationsofconnecting disparatesystems.Afundamentalconcernofimplementingsuch connectionsishowtoensurethatthedataexchangedisaccurate, meaningful,andunderstandablebyallparticipatingparties.Users, consumingservices,anddatasourcesalloperateaspeersinanSOA. Thesepeerswilloftenusedatainnewandunanticipatedways.Soit becomesincreasinglydifficulttoservemeaningfulinformationwithoutnormalizingexistingdataassets.Thisincludesnotjustschematic normalization,butinstance-levelde-conflictionaswell. Tothisend,dataqualitystudiesareparamountinensuringthe successofaSOAimplementation.Typicallythisincludesunderstandingwhatdataisavailable,wherethisdataislocated,andwhat stateit’sin:
18June2006
• Whattypesofdataareusedintheenterpriseandforwhatpurpose? • Whatunderlyingqualityissuescanbeidentifiedbasedondesign metadataandcurrentbusinessrules? • Whatkindsofdataarecoretothebusinessandwhatareancillary oronlynecessaryforaugmentedrecords? • Forcoredata,howmanynon-SOAsystemscurrentlystorethis dataandinwhatformat? • Forcoredata,whataretheinstance-levelvaluesfordatarecords andtowhatextentaretheydifferentacrosssystems? • Whataretheintendedsemantics,orbusinessmeaning,encoded inthedatastructuresandvalues? • Isanyofthisdatastaleoroutdated?Isanyofitincorrect?Hasany ofitbeenimproperlyimported?
ResolvingDataConflicts Besidesthesescopingandprofilingexercisestomanagedata quality,it’salsoimperativetoresolvevalue-levelconflictsthatexist inthedata.Theseconflictscanbecategorizedintothreemajor types(C.H.Goh,“RepresentingandReasoningaboutSemantic ConflictsinHeterogeneousInformationSystems,”SloanSchoolof Management,MassachusettsInstituteofTechnology,16-22,January1997.): • StructuralandFormattingConflicts:Conflictsintheformatsof thedatavaluesandschemasusedforstructuringandorganizing thedata.Someexamplesofstructuralandformattingconflicts includetypeconflictsinwhichdifferentdatatypesareusedto representthesameelement.Forexample,customerIDisstored asadoubleinonesystemandasastringinanothersystem. Anotherexampleislabelingconflictswheresimilarconceptsare labeleddifferentlysuchas“supplier”versus“vendor.” • Semanticconflicts:Conflictsinhowthemeaningsofcertaindata valuesareinterpreted.Examplesofsemanticconflictsinclude naminginwhichthesameconceptisexpressedwithdifferent values.Thisissimilartothelabelingconflictbutoccursinthe datavalue,whereaswithlabeling,theconflictisinthelabelon thedatastructure(metadata).Thesignificanceofthisdifference isthatwiththesemanticnamingconflict,detectionandresolutionmaybemoredifficult,andthedetectionandresolution mechanismhastobeappliedmultipletimesovertheentiresetof values. • Intensionalconflicts:Conflictsarisingwhenconsumerassumptionsandexpectationsofdatacontentdifferfromthoseofdata producers.Theseconflictsareprevalentwhenstructuralrepresentationsareidenticalbutthedatadomainsthatareencapsulatedinthesestructuresvarywiththedataproducers.Intensional conflictsoftenarisewhenvaryingproducershavefundamentally differentconceptionsofintegrityconstraintsbetweenrelated entities:cardinality,nillability,oruniqueness. Thesedataconflictscanoftenbeaddressedbyusingcommercial datamanagementtoolsandmethodologies,aswellasenterprise datamodelingsoftware.Anotheremergingpossibilityissemantics-centricmodelingenvironments.Insteadofhard-codingdata cleansingroutines,thesetoolsuseasemanticdescriptionofthe enterprise–thebusinessconceptsandrelationshipsbetweenthose concepts,aswellasanybusinessrulesgoverningtherelationships –andprovideamechanismtodescribehowlegacysystemssupport thesemanticsoftheenterprise.Thisusefulabstractionletsthe enterprisedeterministicallyidentifyhoweachenterprisedataas-
www.WSJ2.com
"Everyone wants faster, better, cheaper. We thought they might appreciate smarter, too." Entering the integration market we had three advantages: we knew the costs and hassles of traditional integration solutions were limiting their adoption, we saw that a standards-based service oriented architecture would solve these problems, and we had the world’s most ® scalable enterprise messaging server, SonicMQ , as a core
technology. We combined SonicMQ’s performance and security with Web services, XML transformation, intelligent routing and a new distributed deployment and management infrastructure to develop the world’s first Enterprise Services Bus, Sonic ESB™. With it businesses can easily integrate existing and future applications
to
create
unprecedented
business
agility,
and they can start today knowing they can scale to meet tomorrow’s needs. We call it incremental integration. It’s smarter. It’s also faster, better and cheaper.
Gordon Van Huizen, Sonic Software
INTEGRATION
Like a high-rise on a landfill, an organization will be building on top of a very weak foundation unless it first addresses the issues with its data setsupportstheenterprisebusinessfunctions,aswellasanygaps betweentheenterprisesemanticmodelandtheunderlyingdata representationschemes.Thismodelingapproachcanthenbeused todeterminewherephysicaldataconflictsorduplicationsmay exist,aswellasforwardengineerdataconsolidationandcleansing scripts.
wellasthespecificoperationrequested.Thedataservicethen delegatesthedecisiontoeachdatasourcesotheycanauthorizeaccesstotheirspecificdataobject(s).Thus,coarse-grained decisionsaremadeattheenterpriselevelwhilefiner-grained decisionsusedatasource-specificprofilesandpoliciesthataren’t exposedtotheenterprise.
DataAccessControls
DataServicesArchitecture
Intraditionalapplicationarchitectures,dataaccesssecurityis typicallygovernedbyapplication-specificmechanisms.Inthis environment,eachsourcehasitsownsetofusers,roles,andaccess controlpolicies.Whichmeansthatuserprofiles,roles,andaccess controlpolicieslackconsistencyacrosstheenterprise.AnSOA environmentmagnifiesthisproblembymakingdatasourcesvisible acrosstheorganization.Soitbecomesincreasinglyimportantto moveawayfromindividualapplication-specificanddatasourcespecificmechanismsinfavorofenterprise-levelSOAidentity managementandaccesscontrolmechanisms. Thismeansthatwhencreatingthecentraldataserviceslayer, thedatasourcesmustrelyoncentralprovisioningofsomesecurityfunctionssotheycanbemanagedcentrally.Thechallengeis infindingtherightbalancebetweenthesecurityfunctionsthat shouldbemanagedcentrallyandwhatshouldbemanagedaspart ofthedatasources.Thereareseveraloptionsinimplementingsuch ascheme,includingacentrallymanageddatasecuritylayer,orusinglayeredauthorizationthroughmultiplepolicydecisionpoints (PDP). Withthecentralmanagementoption,thedatasourcesrelinquish securityandrelysolelyonthedataservicestoprotecttheaccessto theirdata.Withineachdatasource,asingleuserprofileiscreated forthedataservicethathasfullaccesstothedata.Anyrequestto thedatathroughthisserviceisauthorizedthroughthisuserprofile. Sothere’snolongeraconcernaboutwhethertheprincipal’sidentityfromtheoverarchingsecuritydomainexistsormeansanything inthedatasource.However,thisoptionpushessecuritychecksinto thedataservicelayerandreducesthegranularityofaccountability. Asaconsequence,anyaccesscontrolpoliciesfromthedatasource alongwiththeassociatedrolesandprivilegesshouldnowbere-createdandmaintainedatthecentralenterprisepoints. Incontrast,layeringtheuseofmultiplepolicydecisionpoints encouragesthereuseofexistingauthorizationcapabilities, userprofiles,andaccesscontrolpoliciesoftheunderlyingdata sources.Thisapproachallowssomeofthemorefine-grainedaccesscontroldecisionstobemadeatthedatasourcesratherthan elevatingthemintotheenterpriselayer.Althoughmanyvariations existforthisdesign,thepremiseisthatdifferentlayersofauthorizationwithmultiplePDPsaremakingthedecisions.Thebasic flowofthisapproachisasfollows:Authenticationstilloccursat theedgeusingenterpriseauthenticationservices.Requestsfor dataoriginateatdifferentsecuritydomainsintheenterprise.A PDPineachofthesedomainsevaluatesrequestsforresourcesin thatdomain.Whenadataserviceisinvokeditcallstheenterprise policydecisionpointtoauthorizeaccesstothedataserviceas
Fromanarchitecturalperspective,theheartofthissolutionisan enterpriselayerthatlogicallycentralizesaccesstothedataspread acrosstheenterprise.Thissetoflogicallycentralizeddataservices providesseveralarchitecturaladvantages.First,theenterprisecan assertgreatercontroloverthegovernanceandimplementationof dataaccessmechanisms.Second,clientsuseaconsistentmechanismtoaccessdata.Third,theenterprisecandesignandimplementasolutioninaholisticfashioninsteadofthetypicalone-off modelsthatarethenormindataintegration.Finally,besidesthe basicCreate,Read,Update,andDelete(CRUD)operations,theunderlyingarchitecturemustalsosupportdataaggregation,inter-servicetransactions,andmultipleaccessandusagepatterns,allwhile ensuringacceptablelevelsofqualityofservice.
20June2006
DataAggregationScenarios Thisdataserviceslayeractsasafaçadeovertheenterpriseassets –itlogicallyprovidesaccesstoenterprisedataassetsinasingular manner,whilephysicallydispatchingrequestsandaggregations acrossrelevantco-locatedassets.Threemainscenariosshouldbe consideredfordataaggregation: • Theunifiedviewofadataentityisdefinedbycombiningattributesfrommultiplesources.Theactualdataofthatviewisalso obtainedbycombiningdatafrommultiplesources.Themaindifficultywiththisaggregationscenarioislinkingrelateddatafrom multiplesystemsthatmaynotshareuniqueidentifiers.Thisoften requiresthecreationofacross-referencetabletolinkrelated records. • Theunifiedviewofanentityisderivedfromthemodelofa singlesource.However,theactualdataisobtainedfrommultiple sourceswithdifferentmodels.Themaindifficultyhereisan understandingofde-duplication–tappingmultiplesystemsto getacompletesetofinstancedatacanresultinmultipleinstance recordsaboutthesamething.Inthiscase,onceduplicatesare identified,whichonesurvivestobecomethe“goldencopy”?In thismodel,identificationanduseofauthoritativesourcesbecomesimportant. • Theunifiedviewofanentityispartitionedacrossmultiple instancesofasinglemodel.Datadistributioncanbetheresult ofplannedpartitioningorjusttheadhocuseofthesamesource systemacrossmultipledepartmentsresultinginmultipleinstances.Incaseofplannedpartitioning,thepartitioningschema canbeusedtooptimizetheperformanceofthedataaccesslayer, whileinthecaseofadhocdistributionduplicatesareaproblem andshouldbeaddressedthroughtheuseofauthoritativedata sources.
www.WSJ2.com
INTEGRATION
Someoftheseaggregationcapabilitiescanbesupportedthrough EnterpriseInformationIntegration(EII)technology,whichprovides SOA-centriccapabilitiesforaccessingandqueryingco-locateddata inreal-time.EIIproductsprovideadapterstolegacydatasources andexposetheirunderlyingdatainaservice-orientedfashion. EIIisbestusedindiscretequery-basedmechanismswheredata volumesaremoderate.EIIisn’tmeanttobeareplacementfortraditionalETL(extract,transform,load),EAI(enterpriseapplication integration),orMDM(masterdatamanagement)technologies.For example,someoftheaggregationscenariosrequiringde-duplicationcapabilitiescanrequiretheuseofMDMtechnologies. Thedataserviceslayerallowscreatesandupdatestoberequested oncebyaclientandthendecomposedbythesupportingarchitectureintoindividualwritecommandstotargeteddatasources. Therefore,thearchitecturemustsupporttransactionality–ensuring thatwritesareconsistentsothatunderlyingdataacrossallaffected datasourcesareleftinaconsistentstate.Thisisn’tsignificantlydifferentfromcurrentdataintegrationpains.However,mostsystems todayrequiringmulti-writetransactioncapabilitiesleveragetheXA standards.SimilarstandardsfortheWebServicesenvironmentare onlystartingtoemerge.OASIShasrecentlyformedaWebServices TransactionTechnicalCommittee(WS-TXTC)responsibleforstewardingWS-AtomicTransaction,WS-Coordination,andWS-BusinessActivityspecificationsthroughthestandardizationprocess.Noneof thesestandardshavebeenratifiedyet.Becausethesespecifications arestillbeingdeveloped,mostSOA-relatedtransactionsupportis beingcustom-developed,typicallythroughtheuseofhomegrown compensationmechanisms–effectivelyan“undoing”ofapreviouslyexecutedserviceinvocation.Insteadofprovidingtruerollback semantics,compensationisanadditionalserviceinvocationthat rewritesdatatoitsoriginalstate.Whileitmaybebeneficialtotakea wait-and-seeapproachtobuildingtransactionality,solutionsaligned withthethreespecificationsseedingWS-TXdeliberationswilllikely providethepathofleastresistancetostandardscompliance.
QualityofService Withallthedataaccessoperationsgoingthroughthisdataserviceslayer,amajorconcernisthepotentialbottleneckatthislayer thatmaylimitscalability.Theobviouswaytoresolvethisproblem istocreateaclusteredenvironmentwithmultipleinstancesofthis dataserviceslayer. Therearecomplexitieswithclusteringdependantonwhetherthe enterpriseisusingapurelyfederatedapproachorhassomelevelof datareplication.Ifusingapurelyfederatedapproach,thenitcan besimpletohaveaclusterwithmultipleinstances.However,the architecturemuststilladdresstheissueofaffinityforaparticular instance–especiallyinthecaseofinter-servicetransactions.The architecturemustaddressquestionssuchas:Arealloperations thatarepartofatransactionforcedtogotothesamedataservice instance?Candifferentoperationsthatusedifferentdataservice instancesstillbepartofthetransaction? Asimplesolutionistorequirealloperationsinasingletransactiontointeractwithasingleserviceinstance.However,thissolution isn’twithoutitsdisadvantagessinceitcanaffecthowwelltheload isdistributedacrossthecluster.Withsomereplication,clustering becomesmoredifficult.Inadditiontotheserveraffinityissue,the architecturemustincludeapartitioningstrategy.Thisstrategyanswersquestionssuchas:Doallinstancesofthedataservicesallow accesstoallthedata?Oraredataservicespartitionedsothatonly certaininstancesallowaccesstocertaindata?
22June2006
DataAccessandUsagePatterns It’simportanttonotethatdifferentapplicationshavedifferent dataaccessandusagepatterns.Someapplicationscanproduce manytransactionsbutaccessonlyasmallamountofdataineach transaction.Forotherapplications,thetransactionthroughputcan besmallbutthevolumeofdatathat’saccessedverylarge.Theway totunedatasourceperformanceforthesepatternsisverydifferent. Whenusingadataservicessolutiontoprovidecentralizedaccessto enterprisedatasources,theenterprisemustaccommodateallthe variousaccessandusagepatternsoftheapplicationsthatwillbe integratedwiththissolution.Tuningtheinfrastructuretosupport asingleapplication’sperformancerequirementsiscomplicated, tryingtotuneittoadequatelysupportmultiplepatternsofuse andaccesswillbeevenmoredifficult.Often,therewillbeconflictingconfigurations—somethingthatoptimizestheperformance ofoneapplicationwilldegradetheperformanceofanother.The enterpriseshouldanalyzeandmodeltheaccessandusepatterns oftheapplicationsthatwillbeusingthedataservicesandensure thatwell-definedperformancecriteriaforeachscenariohave beendeveloped.Additionally,enoughtimeshouldbeplannedfor testingtheperformanceofaparticularsolutionwithsimulations thatreflecttheaccessandusagepatternsthatarecommontothe enterpriseenvironment.
Summary Harmonizingdataassetshasalwaysbeenachallengingproblem; theproblemsandurgencyarefurtherexacerbatedwhenmigrating toanSOA.Developingastrategyforhandlingthiskindoftransition isessentialtoproperlyenablingdataaccessinanenterpriseSOA environment.Bydevelopingappropriaterequirementsandusecasesandbyanalyzingdataassetsanddatausage,organizationscan betterunderstandthebreadthanddepthoftheirdataintegration issuesandbegintotakestepstoaddressthem.Ultimately,every organizationmustdevelopastrategytailoredtoitsspecificneeds, buttheoverallapproachdescribedinthisarticleprovidesguidance inunderstandingwhattypesofquestionsshouldbeaskedandhow toleveragepossibletechnologysolutionstoaddresstheresulting issuesthatareidentified.Thisguidancewillenableorganizationsto fullyleverageandexploittheirmostimportantstrategicasset:their data. AbouttheAuthors TieuLuuisanAssociatewithBoozAllenHamiltonwhereheworksonarchitecturesandstrategiesforlargeenterprisesystems.PriortoBoozAllenHamilton,TieuheldleadengineeringpositionsatcompaniesincludingGrandCentralCommunications,MercatorSoftware,andAether Systemswhereheworkedonthedevelopmentofintegrationandmobilecomputingplatforms. YoucanreadmoreofTieu�swritingathisblogathttp://thluu.blogspot.com. [email protected] SandeepMaripuriisanAssociatewithBoozAllenHamiltonwherehedesignsandimplements datasharingarchitecturesthatapplyservice-orientedconcepts.PriortojoiningBoozAllen Hamilton,Sandeepheldarchitectureandengineeringpositionsinbothlargeconsultingfirms andacommercialsoftwarestartup,wherehewasanarchitectandleadengineerofoneofthe firstcommercially-availablesemanticdatainteroperabilityplatforms. [email protected] RiadAssirisaseniortechnologistwithBoozAllenHamiltonwherehedesignsenterprisesystemsforcommercialandgovernmentclients.PriortoBoozAllenHamilton,RiadheldSenior technologypositionsatcompaniessuchasThomsonFinancial,B2eMarketsandManugistics, whereheworkedonlargesupplychainsystemsdevelopment.
www.WSJ2.com
STRATEGIES
MainframetoSOA– ThePeopleEffect HowtoapplymainframeexpertsasaresourceintheworldofSOA WRITTENBYROBERTMORRIS
AsServiceOrientedArchitecture(SOA)initiativesattaincriticalmassintheenterprise,there’smoreandmoreinterestinboostingbusinessresultsandcompetitiveness (nottomentionleveragingsignificantlong-terminvestments)byincorporatingmainframeassetsintotheSOA.However,ifthisattentionismyopicallyfocusedondata andfunctionality,companiesmaybeoverlookingthemainframe’shighestpotential forrapidtime-to-marketandROI:thevalueoftheexpertiseresidentwithmainframe developers.
�
hiletheymayseemanunlikely resourcetodeliverSOAnetcentricapplications,equipping mainframedevelopersisactuallyahighly practicalandcost-effectivealternativeto thenear-impossibletaskoftryingtoinfuse WebServicesdeveloperswithdecadesof mainframeexperience. Thisarticlewilllookatthebenefitsof fullyutilizingtheportfolioofmainframe assetsinanSOA,withaspecialfocuson tappingintomainframeexpertiseasa primaryresource.We’llexamineanapproachtoSOAdevelopmentthatutilizes toolsdesignedspecificallyformainframe developers.We’lllookattheimpactand potentialadvantagesintermsoflearning curve,deliverytime,and,mostimportantly,intermsofachievingoptimalservice granularitytopromotemaximumre-useof mainframe-basedbusinessservices.
WhyMainframeDevelopers? Oneoftheleadingmotivationsfor companiesembracingthemainframein theirSOAstrategiesistheopportunityto maximizethereturnontheirlong-term investments.Atthesametime,theproven performance,security,andscalabilityof
24June2006
mainframefunctionalityminimizethe businessriskassociatedwithimplementingnewSOAinitiatives.Equallyimportant istheopportunitytoloweroperational coststhroughSOAre-useandmaintenancebenefits. Althoughit’sclearthatthemainframe isanidealcandidateforparticipatingin theSOA,manycompaniesleavemuchof themainframe’svalueonthesidelines, fearingthattheskillsrequiredforserviceimplementation,andtheknowledge requiredtocreatebusinessservicesfrom mainframeapplicationsandtechnologies, areislandsthatcan’tbebridgedwithinthe organization.Andit’sunrealistictoexpect servicedevelopmentexpertstocomeup tospeedquicklyondecadesofknowledge aboutmainframeapplicationsanddata. Areverseoftheprocess,ontheother hand,isactuallyquitepractical.Instead ofabandoningthemainframe,alongwith itsprovenfunctionality,forlackofservice developmentskillswithinthecommunity ofmainframeexpertise,companiesshould lookforquickandeffectivewaystobring theirmainframedevelopersuptospeed onservicedevelopment.Accordingto GartneranalystDaleVecchio,speakingat
arecentBPMconference,“Thetalentsof yourpeopledonotsolelyresideintheir technologyskills.Evolveyourdevelopment organizationtoacomponent/assembly mentalitywherere-useisrewarded—even onmainframeenvironments.”And,infact, mainframedevelopersareuniquelyqualifiedtoproducetheright-sized“business services”thatwillmaximizere-use.
WebServicesversus BusinessServices AtthispointitwillbeusefultounderstandthedistinctionbetweenWebServices andbusinessservices.First,itshouldbe notedthatWebServicesaren’tnecessarily requiredfor,noraretheysynonymouswith SOA–althoughthetwoarefrequentlyand erroneouslyusedinterchangeably.While WebServicesarelikelytobeapartofan SOA,they’reonlyoneofseveraltechnologyoptionsforstandardizingaccessto servicesacrosstheenterprise.According toIntegrationConsortiumvice-president SteveCraggs,thiscanalsobeachievedby utilizingsuchstandardsasJ2EEConnector Architectures(JCAs)andEnterpriseServiceBuses(ESBs)togetherwithametadata repository.However,thebusinessservices
www.WSJ2.com
���������������� thatmakeupanSOAplayamorecomplexrolethansimplyinvokingafunction inastandardway.Inthefirstplace,they typicallycontainmulti-stepfunctionality, orchestratedintheservice,withcommunicationsanddatatransformationthat’s transparenttotheuser.AsVecchiosays, theymustfacilitatere-useaboveall. DeliveringmainframeSOA,therefore, ismorethanjustdeliveringmainframe componentsdressedupasWebServices. Itrequiresanin-depthunderstanding ofhowthecomponentsworktogether tocomprisearecognizablebusiness task–anunderstandingthat’sabuilt-in startingpointformainframedevelopers. Itthenrequiresautomatingtheinteractionoftheunderlyingfunctionalityand datasourcesnecessaryforthetask.Again, mainframeexpertisealreadycarriesanindepthknowledgeofthatfunctionalityand thosedatasourcesintermsofmainframe applications.Finally,theeffectiveuse andre-useofamainframe-basedservice requiresthatthewholethingbepackaged inaneasilyrecognizableandaccessible form. It’stypicallyonlyatthisfinalstepthat there’sasignificantlearningcurvefor mainframedevelopers.Thefactis,with therighttools–servicedevelopment toolsdesignedspecificallyfortheiruse –andwithasolidunderstandingofhow mainframefunctionalitywillsupportSOA applications,mainframedeveloperscan quicklyassembletheright-sizedmultistep/multi-operationbusinessservicesdescribedabove.Withsuchanapproach,the developmenttoolsthemselvescaninfact becomeateachingtoolfordemonstrating tomainframedeveloperseverythingthey needtoknowaboutbuildingSOAbusiness services.Thiswasthemethodusedbyone ofthelargestmutualcompanyproviders ofpropertyandliabilityinsuranceinthe UnitedStates,whichrecentlycompleted amainframeSOAinitiativethatexceeded allexpectationsindevelopment,testing, andimplementation.Thiswasinlarge partduetoitsuseofmainframedevelopers–subject-matterexpertsinmainframe functionalityandtechnologies–tocreate mainframe-basedbusinessservicesforthe SOA.
PuttingSOAValue ontheFastTrack Withtheneedtodevelopanddeploy compositeapplicationsbasedoncomponentsfromacrosstheITinfrastructure,
www.WSJ2.com
theinsurancecompanydetermined thatSOAoffereditsignificantstrategic advantages.Butaccordingtoitslead systemarchitect,itsdevelopershadbeen spendinghalfoftheirtimeon“plumbing” –thatis,creatingandparsingXML,dealingwithHTTPorothertransports,error handling,andsoon.Notonlydidthis slowtheirdevelopmenteffortsandcreate “brittle”codethatwashardtomaintain, italsocostthemintermsoflostopportunitiesforcodere-use.Furthermore,the company’sVisualBasicandJavadevelopersweren’tfamiliarwiththeunderlying mainframeCOBOLapplications.This meantthattheycouldn’tquicklydeliver theusable,maintainablebusinessservicesrequiredforthecompositeapplications.Asaresult,thesystemarchitectwas findingitdifficulttogetthecompany’s SOAstrategyofftheground. Thisisaperfectexampleofthe“people effect”atwork.Withoutbeingabletouse theirmainframedevelopmentexpertise, thecompanywouldbeunabletoleverageitsothermainframeassetsintheSOA –andmightnotgettheSOAgoingatall. Withtherighttool,however–onedesignedspecificallyformainframedeveloperstocreatecomplexbusinessservices frommainframedataandfunctionality –thesystemarchitectfoundthathecould effectivelybridgethecompany’sSOAand mainframeknowledgebasesinlessthana half-day. “Usingamainframe-specificdevelopmenttoolallowedustofocusourtraining onWebServices,businessservices,and SOA.Wewereabletoquicklyproduce examplesthathelpedthedevelopersto experienceandunderstandthebenefitsin termsofcodere-use.Withthisapproach, workingfromthedevelopers’in-depthunderstandingoftheCOBOLapplicationswe wereservice-enabling,itessentiallytook onlyfourhoursoftrainingtoturnthem intoservicedevelopers.”
TheRightToolsfortheJob Oncemainframedevelopersunderstand howtheservicestheyaredevelopingwill fitandfunctionintheSOA–assistedby toolsthatcanreadilydemonstrateand modeltheprocess–theycanusetheir existingmainframeexpertisetoquickly developthecomplexbusinessservices thatmakeanSOAsuccessful.Giventhe potentialupside,then,whataretheconsiderationsforselectingmainframeservice developmenttools?
1 ������������
�������������������� ����������������
blog-n-play™ is the only FREE custom blog address you can own which comes instantly with an access to the entire i-technology community readership. Have your blog read alongside with the world’s leading authorities, makers and shakers of the industry, including well-known and highly respected i-technology writers and editors.
2 ��������
�����������������������
blog-n-play™ gives you the most prestigious blog address. There is no other blog community in the world who offers such a targeted address, which comes with an instant targeted readership.
3 �������������� �������������
blog-n-play™ is powered by Blog-City™, the most feature rich and bleeding-edge blog engine in the world, designed by Alan Williamson, the legendary editor of JDJ. Alan kept the i-technology community bloggers’ demanding needs in mind and integrated your blog page to your favorite magazine’s Web site.
����������������������� �����������������������
������������������������������ ����������������
�������������
�����������������������
���������������������
��������
�����������
������������������
����������������������
���������������
����������������
������������������
�������������
�����������������
�����������������������
������������������
�������
�����
������������� ��������������
June200625
STRATEGIES
One of the leading motivations for companies embracing the mainframe in their SOA strategies is the opportunity to maximize the return on their long-term investments Firstaretheuniquefeaturesofthemainframetechnologylandscape.Inhispaper on“Best-of-BreedMainframeSOATools,” authorSteveCraggsrecommendsthat thebesttoolset,bydesign,willberight athomewiththespecializedmainframe applications,resources,andenvironments thatarethepurviewofmainframedevelopers,suchas: • IBMtransactionprocessingproducts, CICSandIMS • IDMS,Natural,andAdabas • COBOL • DB2databaseandMQSeriesmessaging middleware • RACFandSAF Inaddition,thetoolsetshouldprovide awaytomapmainframeprogramming structurestotechnologiessuchasXML andWebServices,thefoundationfor bridgingmainframeexpertiseandSOA deploymenttechnologies.Youcaneliminateanytoolsetthatdoesn’tprovidethe basicfunctionalityrequiredtointegrate mainframefunctionalityaccordingtoSOA principles.Virtuallyanydevelopmenttool canmanagemainframeapplicationsthat canbe“driven”throughaprogrammable interface.Butmanyoftheoldermainframe applicationsarescreen-driven,andthe toolsetmustprovidescreen-basedaccess forthem.Thetoolsetalsohastobeableto playbySOArules,providingwrappersor adaptersthat“bridge”mainframeaccess mechanismswithSOAinterfacestandards. Andbesidesprovidinginterfacesupport fordifferenttypesofapplications,thetoolsetshouldaccessvariousmainframedata sources,suchasDB2,VSAM,Adabas.and othersunderasingleSQL-styleinterface thatwillbefamiliartomainframedevelopers. Unfortunately,eventhemostsophisticatedfunctionalitycanberendered ineffectiveifit’snoteasytouse.Tomake immediateuseofmainframeexpertise, thedevelopmenttoolsprovidedshould beintuitiveandaccessible,automating thecreationofservicesonthemainframe asmuchaspossible.Itshouldn’tmean
26June2006
supportthestringentintegrityandrecoverabilityrequirementsofthemainframe environment.And,inadditiontosupportingmainframeoperatingsystemfunctions, itwillhavetheappropriatelook-and-feel togainrapidacceptanceandutilization withinthemainframecommunity.This willbekeytoputtingthe“peopleeffect”in motion.
TransformingMainframe ExpertiseintoSOASuccess extensivetrainingorthird-partyconsultingtoproduceresults,asthiswilldefeat theadvantageofleveragingyourexisting mainframedevelopmentresources. Thetoolsetshouldmakeiteasyto assembleandorchestratetheproper executionofmulti-step/multi-operationbusinessprocessesfrommainframe applications.Thisisbestachievedbya graphicalmodelingapproachthatwill provideafamiliardevelopmentenvironmentforthemainframeexpert,and reduceoreliminatemanualcoding, therebyshorteningthelearningcurveand speedingdevelopment. Themodelingenvironmentshouldalso providevisualfeedbackthatwillserveto improveaccuracybyhighlightingproblemsearlyinthedevelopmentprocess. Tothisend,thetoolsetshouldenablethe developertotestcomponentsinisolation, simulatingtheirperformanceinrealoperations,withoutrequiringthatallcomponentsbecompletedandassembledbefore theycanbetested.Thetoolsetshould alsoprovidedevelopmentlifecyclesupport,allowingservicesandcomponents tobemarkedasdevelopment,test,QA, orproduction-level,andshouldsupport versioningaswelltoensurethatuntested componentsorchangesdon’tenterthe productionenvironment. Ultimately,allofthesedevelopmentand deploymentconsiderationswilldemonstratewhetherornotatoolsetwascreated basedonanextensiveunderstandingof mainframes.Ifso,itwillofferfeaturesthat
It’sclearthatmainframeapplications, data,andperformancehaveamajorrole toplayintheServiceOrientedArchitecturesoftoday.Butit’sequallyimportant totapyourmainframeexpertisetoleveragethoseresourceseffectively.Noone knowsmoreaboutmainframeapplications,functionality,andtheunderlying codethanthemainframedevelopers alreadyonyourstaff.Equippingthem withdevelopmenttoolsthatenablethem toreadilyvisualizeandunderstandthe conceptandbenefitsofabusinessservice composedofmainframecomponentsis thefirststep–andthefastestroute–to bridgingtheknowledgegapbetween provenlegacyassetsandstrategicservice initiatives.Armedwiththatknowledge, therighttoolswillthenequipmainframe developerstoquicklyandeasilyassemble anddeploymulti-step/multi-operation mainframe-basedbusinessservicesthat areright-sizedtomaximizere-use.This approachunlocksthefullvalueofallof yourmainframeassets–fromdatato developers–tofuelrapidandrobustSOA implementations. AbouttheAuthor RobertMorrisisseniorvicepresidentofmarketingand strategyresponsiblefortheplanning,integration,and marketingofGTSoftwareproductsolutionstotheglobal market.PriortoGTSoftware,heheldavarietyofsales, marketing,andproductmanagementpositionsatKnowledgeWare,FortéSoftware,ClientSoft(nowNEONsystems), andJacada.Hehasanextensivebackgroundinapplication developmentandintegrationincludingexperiencewith CASEmethodologiesanddistributedsystemsaswellas midrangeandmainframeenvironments.
www.WSJ2.com
PRODUCTREVIEW
MindreefSOAPscopeServer Theraredistributeddevelopmentenvironment WRITTENBYBRIANBARBASH
BynatureWebServicesisadistributedtechnology.Withdistributioncomesgreat flexibilityforarchitecturaltopologies.Componentscanbestrategicallyplacedin differentphysicallocationstooptimizeperformance,maintenanceandbusiness processes.Inlargeorganizationsonephysicallocationmayhandlesalesservices, whileanotherdeliverscontractmanagement.AsorganizationsbuildServiceOriented Architecturesthatstitchtogetherthesephysicallydispersedservices,distributed developmentbecomesaninterestingchallengetoovercome.Manycollaborative technologiesexisttodaytofacilitatebettercommunicationsandinformationsharing amongworkers,butit’sraretofindadistributeddevelopmentenvironment.
�
nterMindreef’sSOAscopeServer. Coralisadevelopmentplatformthat providesacentralizedworkenvironmentdesignedspecificallyforSOAs enabledbyWebServices.Development teamscollaborateinspecializedvirtual workspacesthatmanageWebServices definitions,messages,recordedactions, simulations,andnotes.
Fromtheseviews,servicescanbeinvoked,analyzed,orupdated,andmultiple servicescanbecomparedtoidentifydifferencesintheirdefinitions.Thedeveloper canalsoanalyzeservicesforbestpractices. ThechoicesofalgorithmstorunareMindreefBasicDiagnostics,WS-IBasicProfile 1.0,andacombinationoftheWS-IBasic Profile1.0andSOAPBindingProfile1.0. Usershavetheoptionofcreatingtheirown algorithmsfromalibraryoftests.
TheDevelopmentEnvironment: CreatingWorkspaces MindreefSOAPscopeServerisbasedon theconceptofworkspaces.Asmentioned, workspacesarecentralrepositoriesthat containtheassetsofagivenWebServicesenabledproject.Therearethreekindsof workspaces: 1.Private:Allassetsinprivateworkspaces areaccessibleonlytothelogged-inuser 2.Team:Assetsinteamworkspacesareaccessibletoanylogged-inuser 3.Community:Communityworkspace assetsareavailabletoanyuserinareadonlystate,andaneditablestatetothose withaccountsontheserver Asanexample,assumethatanorganizationhasseparatephysicallocationsforsales, contractmanagement,andmasterdataservices(customer,product,etc.).Thesupport
28June2006
Withtheservicecontractsloaded,SOAPscopeServerpresentsthemtodevelopersin multipleviews: • Overview:Displaysthedetailsofaspecificservicecontractasatreestructure. Eachoperationisanexpandablenodeon thetreeinwhichtheoperationaldetails arestoredincludingactionsandinput andoutputmessageconstructs. • Documentation:ListsallofthecomponentsoftheWebServicebynamespace. • Files:DisplaystheXMLfilesthatmakeup theWebServicedefinitioninaformatted view. • Coverage:Agenerallistingofusagestatisticsforagivenservice.Metricscaptured hereincludetotalcalls,faults,callduration,requestsize,andresponsesize.
teamsanddevelopersoftheseindividual servicesarealsolocatedindifferentphysical locations.Aspartofanefforttoimproveties withitstradingpartners,thiscompanyis buildinganapplicationsobuyerscansubmit pricechecksandpurchaseordersusingWeb Services.Duringdevelopmentaworkspace willbecreatedintheteamarea. WhenestablishingaworkspaceinMindreefSOAPscopeServer,developersaddWSDL definitionsreferredtoasservicecontracts. AsshowninFigure1,servicecontractscan beaddedtoaworkspaceviaeitheraURL oraWSDLfilelocatedonthefilesystem. Servicecontractscanalsobeaddedfromthe developer’sotherprivateworkspaces,and fromallteamandcommunityworkspaces. Forthisexample,theContractServiceand SalesServiceWSDLfileswillbeadded.
TestingandVerifyingServices EverytimeadeveloperinvokesaWeb Servicefromaworkspace,therequestandresponsemessagesarecapturedandtheevent isstoredasanaction.Thisservesasapowerfulmechanismfortestinganddebugging. Whenissueswithaserviceareidentified, themessagesthatproducetheissuecanbe storedandre-senttoverifythattheappropriatecollectiveactionshavebeentaken. Individualactionscanalsobestrungtogethertocreatescripts.Thisprovidesfortestingdependentservices.WebServiceparameterscanbeconfiguredtoextracttheirvalues fromvariablesallowingfortheresultsofone servicetoserveastheinputtoanother.For theexampleinthisarticle,theContractService.GetContractPricehasbeenconfiguredto
www.WSJ2.com
Figure1:Addingaservicecontract
putitsresultsinvariables.Thevaluesinclude contractnumberandprice.Subsequently,the SalesService.SubmitPOoperationhasbeen configuredtoextractthecontractnumber andpricefromtheconfiguredvariablescompletingthechainofoperations.
Collaboration
AllofthefeaturesofMindreefSOAPscope Servermentionedsofararevaluableand servetoassistwithdevelopingandtesting WebServices.However,SOAPscopeServer’s differentiatingfunctionalityisinitsability forteamstocollaborateonWebService development.Featuresofthesystemthat facilitatethisinclude: • WorkspaceNotes:Notesinaworkspace provideawaytodocumentactivities,changes, issues,andotherusefulinformationtomembers.Forexample,ifanissueisidentifiedwith theContractService,theactionthatre-creates theerrorandthespecificinputsthatareassociatedwithitmaybedocumentedasanote. Membersofthemaintenanceteamforthe ContractServicenowhaveacentralizeddocumentationrepositorytoidentifyandresolve theissue,alocationintowhichtheresolution maybeentered,andanactionscripttore-createanddiagnosetheissueathand. • RSSNewsFeeds:Thesefeedsprovide informationabouttheworkspaceandthe notesentered.RSSfeedsalwaysinclude thefirstandlastnoteenteredintheworkspace.Soteamsthatconsumeservicesin aworkspacemaybenotifiedbyRSSwhen changes,updates,orissuesareresolved intheworkspace.
www.WSJ2.com
Figure2:Simulatingaresponse
• SOAPscopeServerIntegration:SOAPscope Serverletsworkspacesbeexportedtoa proprietaryformatcalledaMindreefReproduciblePackage.Thesepackagescanbe transferredtoanySOAPscopeServerserver withallassetsintact.Packagescanalsobe storedinalternatesystems,suchasbug trackingtools,forarchivingandreference.
Simulation SimulationinSOAPscopeServerrefersto thepracticeofcreatingdummymessages thatserveasplaceholdersforWebServices. Thisisparticularlyusefulduringthedevelopmentofcompositeapplicationsandprototypingwherenotallservicesareavailable. Duringasimulation,SOAPscopeServeracts asaserviceendpoint,respondingwiththe appropriatemessagetemplatebasedonthe contentsofarequest,orthrowingaSOAP faultwhennomatchingresponseisfound. UsingtheContractServiceanewoperation hasbeendefinedcalledGetEligibility.This operationwilldeterminewhichcontractsa givencustomercanbuyon,ifany.Theservice itselfhasyettobedeveloped,soasimulation willbecreatedforthisspecificoperation. AsshowninFigure2,thesimulationfor GetEligibilitywillbebasedonthevalue oftheattribute“name”intheincoming XMLpayload.Theresponse,shownatthe bottomofthescreen,isahard-codedXML stringthatrepresentsagenericeligibility value.Multiplesimulationscanbecreated, eachconfiguredtoreacttoaspecificpayload,toaccommodatedifferentbusiness casessuchascustomersbeingeligiblefor
morethanonecontract.Invokingthesimulationisassimpleassendingarequestfrom theserviceclienttotheendpointdefined forthesimulation.
Summary DevelopingWebServicescomponentsin aServicesOrientedArchitecturepresents uniquechallenges.Physicaldistributionof resourcesaddstothiscomplexity.Mindreef’s SOAPscopeServerplatformintroducesan interestingsolutiontothischallengebyprovidingacollaborativeworkenvironmentthat goesbeyondthetraditionalcommunication functions.Thesystemcanplayavaluablerole inorganizationsbuildingoutnewservices andsupportingexistingapplications.SOAPscopeServerisdefinitelyworthalook.
Requirements Browser: >BrowserbasedUIforeasycollaboration >IE6.0andabovesupported Server: >InstallsprivateTomcattohostMindreef SOAPscopeServer >Minimumrequirements, >Concurrentlicensing Choiceofannualsubscription,orperpetual license, Database: >InstallsSQLMSDE >SupportsSQLserver
June200629
BPD
BringingSOAtothemainframe isthenextstepforenterprises
TheEvolution of
SOAs
WRITTENBYSTUARTBURRIS
Mainframeswerethefirstcomputingplatformofcorporate informationtechnology.Astheindustryhasgrown,mainframes havecontinuedtoevolveandintegrateintothevariousincarnationsofenterprisearchitecture.Infact,asthefirstcomputingsystem,mainframesenjoyaspecialrolewhenlookingat enterprisearchitecture,asmainframeshaveparticipatedin virtuallyeveryflavorofarchitecture,startingwiththeincarnationofIT,whenamainframewasthearchitecture.
�
ainframeswereinitiallydeployedasmonolithic,standalonesystems.Theprevailingattitudeofthedaywasthat allapplicationscouldandwouldresideonasinglelarge computingplatform,themainframe.Applicationintegrationwas allnicelyhandledthroughmainframeresidentdatastores,and callabletransactions.However,asITevolvedintoclient/serverand othernon-mainframearchitectures,integrationshiftedaswell. Enterpriseapplicationintegration(EAI)wasbornoutofthe
30June2006
needtointegratedisparatesystems,withoutusingadhocpoint-topointcustom-developedinterfacesforeveryproject.EAIprovided thepromiseofunwindingthetangledmessofinterfacesthathad growntoensnareeverycorporatedatacenter.Mainframeswerestill thebedrockofcorporateIT,however,nowtherewerethousandsof interfacesfeedingothersystemsinmyriadpoint-to-pointapplication-specificstandardsandsemantics.Forthemainframe,MQwas theanswertostandardEAIintegration.However,aswequickly learned,EAIdidn’tsolvethetangledmessofintegrationpoints. EAImadeintegrationeasier;however,alackofstandardsdidn’tlet differentvendors’EAItoolingworkwellwitheachother,andthe integrationsemanticswerestilldevelopedspecificallytomeetthe needsofthespecificpoint-to-pointapplicationintegrationdriving theproject. ServiceOrientedArchitecture(SOA)isbeingheraldedasthe saviorofenterpriseintegration,finallycreatingre-usableinterfaces tounwindthecomplexpoint-to-pointintegration.SOAdoesinfact nicelysolvethestandardsprocess,andwhileSOAdoesn’trequire ormandateanytechnology,mostSOAinitiativesarecreatingeasily consumableservicesasWebServices.However,asforthesecond issueofcreatingreusableservicesit’susefultolookbackathistory atthelessonslearnedaboutcreatingareusableintegrationpoint. Mainframeapplicationsrepresentlargechunksofbusiness processlogic.Consideramainframeapplicationthat’susedsolely
www.WSJ2.com
fororderprocessing.Themonolithicmainframeapplicationwould handanumberofsub-processesinvolvedwithorderprocessing, forexample,orderentry,accountsreceivable,credit,andcustomer maintenance.Themainframesystemandtheassociatedapplicationflowrepresentedandsupportedthebusinessprocessesinthe organization.Asthebusinessprocessesoftheorganizationevolved, themainframeapplicationlogicevolvesaswell,oreventuallyis replaced. Oncetheenvironmentevolvesintoaheterogeneousenvironmentofmainframe,client/server,andothertechnology,the integrationwillmirrorthemacrobusinessprocessesassociated withthecapabilitiesoftheapplicationpackagesoneachplatform. Let’sconsiderwhathappenstoourmainframeshopwhenthe businessdecidestoreplacethecustomermaintenanceandcredit managementfunctionswithapackagetoallowconsolidationofthe customerandcreditmaintenancebusinessprocessesacrossvariousdivisions. Considerthatthemacrobusinessprocesswasthattheconsolidatedcustomeroperationsgroupwouldberesponsibleforinitially settingupallcustomers,andthatnoorderscouldbeplacedby anyofthedivisionalentitiesuntilthatcustomerwasestablished inthesystemandthecreditdepartmentcoulddetermineanappropriatecreditlinebasedonthetermsandcreditworthinessof thecustomer.Assuch,theITdepartmentdeterminedthatthenew client/serverCRMsuitewouldbethemasterofthecustomerdata, andabatchinterfacetothemainframeorderentrysystemwasconstructedtopopulate/updatethesystemwiththelatestinformation. TheITinterfacematchedthemacrobusinessprocess,withaformal document,theinterfacebetweensystemsofthecustomermaster, beingpassedbetweenthecreditdepartmentandtheorderprocessingdepartmentnightly. Ofcourse,thenanotherinterfaceiswrittentoareportingsystemto providemanagementreports,andanothertoreconciletheaccounts receivable,andanothertoupdateasalesforceautomationproduct, andanothertoupdatetheWeb-basedorderstatus,andsoon. But,besidestheissueofinterfaceproliferation,there’sanother issueassociatedwiththegranularityofthebusinessprocessthe interfaceissupporting.Theinterfacemirrorsthebusinessprocess; however,itmirrorsaverylargecoursebusinessprocessdifferentiation(orderprocessingdepartmentversusthecustomermanagement department).Let’sconsidertheimpactofourdivision’splanstooffer specialpromotionalpricingbasedontotalcross-divisionalsales. OurCRMsystemkeepstrackoftotaldivisionalsales;however, thatinformationwasn’tpassedbacktothemainframeintheinterfacesoratherthanwaitingforITtoupdatetheinterface,oursales teamusesthestandarddesktopintegrationtoolofchoicesince PCswereintroducedintotheITstack,aspreadsheettopullthe informationfromtheCRM,manipulatetheorderfromtheorder managementsystem,anddecidethecorrectdiscount. Likeitornot,thelackofagilityandflexibilityinITsystems andtheassociatedintegrationhascreatedawholesecondary marketofPC-basedintegrationneedsandtechniques.Mainframeterminalemulatorshavescriptinglanguagestopullinformationoffthemainframetotheclient,client/serversystems havetheabilitytoexportreportslocally,anddesktoptoolsto manage,manipulate,anddissectthesedatasetshavegrownvery powerful.Theusercommunityinyourorganizationhaslearned howtointegratetheirbusinesssub-processeswithoutusingIT toachievetheflexibilityandagilitythatthebusinessrequires. Notanidealsolution,butworkable,untiltheInternetcame
www.WSJ2.com
along,andallofasudden,customersdidn’texpecttohaveto dealwithaperson.Thesystemsneededtobeassmart,flexible, andagileasyourbusinessusers. ThehopeforSOA,therefore,isn’tjustthatit’sstandards-based, andthereforereusable.It’salsothattheintegrationpointsinto thesystemshavetomirrorthedetailsofthebusinessprocess.Too coarseofaservicedefinitionandyouhavethesameproblems withlackofflexibilityandagility.Ofcourse,ifyoudefineatoo finelygrainedservice,mostofthebusinessprocesslogicwrapped upinyourlegacyassetswillhavetoberecodedintotheworkflow orchestratingtheseservices.Therefore,therealhopeforSOAtobe abletoprovidetheagilityandflexibilitytotheenterpriseisdefiningservicesthatmirrorthebusinessprocessatthecorrectlevelof granularity,allowingforeasyreusabilitytoquicklycomposesupportingnewbusinessprocesses. Thestandardprocessofdefininganddocumentingbusiness processesisatop-downanalysisstartingwiththelargemacro-businessprocessdefinitionanditerativelybreakingdowntheprocesses step-by-step.Forexample,ordermanagementconsistsofentry, change,inquiry,etc.Businessprocessanalysisisn’tanewdiscipline;however,it’salongandexpensiveprocess.Often,bythetime thebusinessprocessesarefullyidentifiedanddocumented,the businessitselfhaschanged.Andalltoofrequently,astheprocess becomesmoredetailed,theanalysisstops–andintheworldof SOA,wheregettingthemicro-processdetailsrightisessential, takingbusinessprocessanalysisdowntothedetailsisanabsolute necessity.
Figure1
Figure2
June200631
BPD
In the world of SOA, where getting the micro-process details right is essential, taking business process analysis down to the details is an absolute necessity Businessprocessdiscovery(BPD)isanemergingfieldoftoolsand methodologiesthatallowforabottoms-upapproachtobusiness processanalysis.Ratherthanstartingwithatop-downcoursegrainedtofiner-grainedapproach,BPDexaminesthecurrentwork processesstartingwiththedetails,andbuildsupapictureofthe businessprocessbasedontheactualevidenceoftheworkbeing done. TheallureofBPDistoveryquicklydiscover,detail,anddocumentlocalizedbusinessprocessestoenablethedefinitionandconstructionofSOAservices.Ratherthanwaitingforalong,expensive top-downanalysis,BPDcanveryquicklyprovidetheevidencerequiredtomakeintelligentdecisionsonthegranularityofaservice inthecontextofthesupportingbusinessprocess. BPDisnotonlyquicker;italsoproducesahigher-qualitybusinessprocessdescription.Thetraditionaltop-downapproach makesprocessassumptionsbasedoninterviewswithbusiness processexperts.However,nomatterhowskilledtheexpert,and howgoodtheBPAmethodology,thereisoftenagreatdealoferror associatedwiththeprocess,bothintermsofomissionofprocess detailsandexceptions,aswellasmisunderstandingtheprocess nuancesexecutedbydifferentbusinessgroups. Flawsinbusinessprocessdetailsbecomecriticalinthecontextof creatingaservicethatmirrorsthedetailedbusinessprocess.Interestingly,thestandardmethodtoresolvetheseunforeseensituations istodoavariantofBPD,whichinstandardsoftwaredevelopment wouldbecalledtesting.Longarduoustestingcyclesarethestandard pre-requisitetoanymajorsystemsproject,andperformtheroleof
BPD,afterthesystemhasbeendesignedandbuilt,tofindallofthe detailsforgotteninthedesignprocess.Whileeffective,thisslowafterthe-factprocessseemstolimitthepromiseoffinallyprovidingthe agilityandflexibilityinITthebusinessrequires. SOAbringsthepromiseofITagilitythroughexistingsystemand interfacereuseiftheservicesaredefinedappropriately.Defining whatanappropriatebusinessprocessistoencapsulateasaservice isthekeytoSOAsuccess.Eithertoofineagrain,ortoocourse,will resultincontinuedinvestmentintheservice,atbestre-versioning theservice,atworst,non-reusableserviceproliferation. Businessprocessanalysistoolsandmethodologiesprovidean excellenttop-downanalysistoputbusinessprocessesintocontext. However,theyarepooratderivingthedetailsofabusinessprocess. Businessprocessdiscoverytoolsexcelatdiscoveringthedetailsof abusinessprocessfromrealbusinessuse.Applyingbothofthese toolstogethercanquicklyprovideabusinessprocessmap,completewithdetails,allowingyourservicestofinallymeettheneeds ofthebusiness,providingaquick,agileITarchitecturetomeetthe ever-evolvingneedsofeverybusiness. AbouttheAuthor Aspresidentandchieftechnologyofficer,StuartBurrisisresponsiblefortheoverallmanagementofOpenConnectaswellasitstechnologyvisionandstrategy.StuartjoinedOpenConnect in1990andhasheldavarietyofresearchandproductdevelopmentroles,mostrecentlyas vice-president,researchanddevelopment.DuringhistenureatOpenConnect,hehasbeen instrumentalinthedevelopmentofthearchitectureforthecompany’sindustryleadingmainframe-to-Webproductsusedbythousandsofcompaniesworldwide.
SOA—continuedfrompage50 dling,andprocessdecomposition,includingserviceandprocessreuse. Orchestrationsmayspanafewinternal systems,systemsbetweenorganizations,or both.Moreover,orchestrationsarelong-running,multi-steptransactions,almostalways controlledbyonebusinessparty,andare looselycoupledandasynchronousinnature. Wecanconsiderorchestrationasreally anothercompletelayeroverabstractservices, perourarchitecture.Orchestrationencapsulatestheseintegrationpoints,bindingthem togethertoformhigher-levelprocessesand compositeservices.Indeed,orchestrations themselvesshouldbecomeservices. Orchestrationisanecessityifyou’re buildinganSOA,intra-orinterorganization.It’sthelayerthatcreatesbusiness solutionsfromthevastarrayofabstract services,andfrominformationflowsfound innewandexistingsystems.Orchestration isagod-likecontrolmechanismthat’sable toputourSOAtowork,aswellasprovidea 32June2006
pointofcontrol.Orchestrationlayersallow youtochangethewayyourbusinessfunctions,asneeded,todefineorredefineany businessprocesson-the-fly.Thisprovides thebusinesswiththeflexibilityandagility neededtocompetetoday. Orchestrationmustprovidedynamic, flexible,andadaptablemechanismstomeet thechangingneedsofthedomain.Thisisaccomplishedthroughtheseparationofprocess logicandtheabstractservicesemployed.The looselycouplednatureoforchestrationiskey, sincetherearenorequirementsforallservicestobeup-and-runningatthesametime inorderfororchestrationstorun.Thisisalso essentialforlong-runningtransactions.Also, asserviceschangeovertime,thereistypically noneedtoaltertheorchestrationlayerto accommodatethechanges,atleastnotifthey arearchitectedproperly.
Interface Thepurposeoftheinterfacelayeris
totakeservices–core,abstract,orthose exposedthroughorchestration–tohuman beings.Withinthisarchitecture,theuser interfacecommunicatesdirectlywiththese servicesthroughitsasynchronousmechanisms,andexposestheinformationor behaviortotheuser. Withintheinterfacelayers,SOAdeveloperscanmixandmatchservicesandinformationandbindthemtoadynamicinterface inawaythatmakessensefortheenduser. Forinstance,youmaytakeanabstracted dataservicetopopulateacustomerlist,and ariskservicetoprocessagainstthatlist,and anotherabstractdataservicetoplacethe informationbackintoadatastore. AbouttheAuthor DavidS.LinthicumisthepresidentandCEOofBRIDGEWERX, andtheauthorofseveralbooksonapplicationintegration andservice-orientedarchitecture,andthehostoftheSOA ExpertPodcast. [email protected] www.WSJ2.com
INTEGRATION
LeveraginggSOAPfor LegacySystemsIntegration TheSOArevolutionprogresses WRITTENBYJAMESCAPLE
Theworldwasabouttochange,arguedDonBoxofDevelopMentorwhenhe extolledthevirtuesofSOAP,theSimpleObjectAccessProtocol,atthe2001USENIX ConferenceonObject-OrientedTechnologiesandSystems(COOTS).
L
isteningtoBoxdiscusstheimpending demiseofVisualBasic–atleastasit wasknownatthetime–andDCOM duetotheemergenceof.NETandtheCommonLanguageRuntime(CLR),aswellas animateddiscussionsofaburgeoningnew SOAPspecification,wasmyintroduction totheServiceOrientedArchitecture(SOA) Revolution.Ofcoursedistributedcomputingwasnothingnew,butcertainlythescale anduniversalityoftheparadigmwassetto explode–orsoitseemed. Sincethisconference,slowlybutsurely, muchofwhatBoxprognosticatedhascome topass,albeitnotasswiftlyoruniversally asinitiallyindicated.Microsoft.NEThas notexactlytakentheWebServicesWorld bystorm(orHailStormforthatmatter),but WebServicesingeneralaremakingserious inroadsnonetheless.
TheSOARevolution TheSOAparadigmisrevolutionarybecauseithaschangedourviewofdistributed components.Moreandmoreallkindsof organizationsarethinkingabouthowto designandbuildsystemsandAPIsthatare self-describingandeasilyusedbyothersystemselsewhereintheuniversalfederation ofgloballyaccessiblesoftwarecomponents. Today,infact,agrassrootsmovementis afootthatseekstobuildnewandinterestingapplicationsoutofpublicWebServices thatareknownasmashups.Mashupsare ofgreatinterestbecauseoftherelative simplicityandagilitywithwhichcomplex functionalitycanbebuiltusingwell-known toolsandtechnologieslikeSOAP,Really
34June2006
SimpleSyndication(RSS),JavaScript,and XML.Derivingcomplexfunctionality, simply,isarecipeforwidespreadadoption andinvolvement.Inessence,thisgrassroots mashupmovementisgivingrisetopatterns andtechnologiesthatcanbeemployedin theenterprisetosolveexistingproblems associatedwith(agile)external,aswellas internal,dataintegration. Itseemsmuchofthefocustodaywith regardtoSOAisondevelopingoutwardly lookingAPIsforexternalconsumersofan application’sdataandfunctionality(i.e., solvingproblemsassociatedwithextra-organizationaldataintegration).Forexample, alotofbuzzhasbeengeneratedbyRepresentationalStateTransfer(REST)–and SOAP-basedAPIsmadeavailablebylarge commercialWebapplicationssuchaseBay, Google,Craigslist,andYahoo,whichare exposedsohackersaroundtheworldcan createfancifulnewmashups–andmore marketinterestandbrandawarenessin thecompanyexposingtheinterestingnew functionality. Technologistsandaverageusersalike areintriguedtoseewhatinterestingnew
softwareandeye-candycanbebuiltoutof theWeb-basedbuildingblocksemergingon theInternettoday(e.g.,GoogleMaps). ThisisthesexysideofSOA,(whichisarguablymostusefulforsellingads). Thenot-so-sexysideofSOAmeansaddressingtheproblemsassociatedwiththe legacysoftwarebehindtheaverageenterprisefirewallthatwasn’tinitiallydesigned tosharedatawithnewandfuturesoftware applications.It’s,ironically,thisnot-sosexysideofSOAthatmayoffertheaverage enterprisethebestreturnoninvestment (ROI),especiallywhenpatternsandtechnologiesfromthesexysideareemployed. Sowithoutfurtheradotheremainder ofthisarticlewillfocusonthedarkside ofSOA:integratingnewsoftwareapplicationswithlegacysoftware.Inparticular, thisarticlewilldiscusstheuseofthegSOAP frameworktoSOAP-enablelegacyC/C++ applicationssolegacysystemscanbe turnedintoWeb-enabledAPIs,accessible bySOAP-basedinterfacesforeasyinternal and/orexternalintegrationwithexisting,as wellasfuture,systems. AswiththesexysideofSOA,agilityand simplicityarekeycomponentsofasuccessfuldataintegrationstrategy.Lackofthese ingredientsmaynotpreventaworking short-termsolution,butmayverywell contributetothesesystempartsbecomingmoreandmoreisolatedandeventually abandonedovertime.
Agility&SimplicityasKey IntegrationIngredients Successfulwell-bakedsoftwarehasjust asmanytechnicalingredientsinitasnontechnical.Somemightsaythenon-technicalingredientsarethemostimportant;they aretosoftwarewhatyeastistobread.Nontechnicalingredientsaretheintangibles suchassoftwareteamdynamics,flatorga-
www.WSJ2.com
nizationalhierarchies,agiledevelopment methodologies,good,simpletools,and theencouragementofthehackerculture. Sowhatexactlymakesatoolorframework agileorsimple,andwhatdoesthishaveto dowithgSOAPandtheSOARevolution? Agilityandsimplicityaretheraison d’êtrebehindtechnologieslikeSOAP.The CommonObjectRequestBrokerArchitecture(CORBA)andJava’sRemoteMethod Invocation(RMI),forexample,arearguably notagileorsimpleframeworkscomparativelyspeakingforsolvinginteroperability problems;they’rerathercomplextobuild withandunwieldytodeploy.RMIfacilitates distributedcomputing,butonlyamong homogeneousJavacomponents.CORBA opensupdistributedcomputingtoawider arrayofobjectswritteninotherprogramminglanguages,butneithercanscaletothe levelofHTTPandSOAP.WhattheearlySOA revolutionariesrealizedisthatmostorganizationsrunaWebserver,andmanyusethe defaultport80withfirewallprovisionsfor externalaccesstothisport.TheyalsorealizedthattherewasalargeWebdeveloper communitythatunderstoodWebservers andtheHypertextTransferProtocol(HTTP) andXML.Long-termROIfromthetech-
nologiesusediscloselytiedtograssroots developeracceptanceofagiventechnology today.HTTP,unliketheInternetInter-Orb Protocol(IIOP)employedbybothRMIand CORBA,offersubiquityintermsofuseand infrastructure.It’slightweightandeasy tounderstand.HTTPisanagile,simple protocol.SOAPpiggybacksontopofHTTP makingitanagilecousin.Agile,simple toolsandtechnologies,therefore,provide greaterROIthantheirlessagile,morecomplicatedcounterpartsprimarilybecauseof suchthingsasapplicationmaintenance, theimplementationtimeduetosimplicityanddocumentation,theuniversalityof acceptanceandadherencetostandards, scalability,etc.Intangiblessuchasagility andsimplicityhavenothingandeverything todowithSOAP,theSOARevolution,and gSOAP.
WhatisgSOAP? gSOAPisanOpenSource(GeneralPublic License)SOAP-basedframeworkthat facilitatesthegenerationofSOAPclientand servercodefromWebServicesDescription Language(WSDL)files.ExistingC/C++ headerfilescanalsobeusedtogenerate WSDLfiles.Itprovidesnativeanduser-
definedCandC++bindingstoXMLand viceversa.ThecurrentversionofgSOAPis 2.7.7.TargetplatformsincludeMSWindows (Win32,Cygwin,andMS-DOS),Linux(Red HatandSuSE),Unix(Solaris,HP-UX,FreeBSD,TRU64,Irix,QNX,andAIX),MacOSX, VxWorks,WinCE,PalmOS,andSymbian. ThegSOAPframeworkissupportedand maintainedbyGenivia,acompanyfounded byRobertA.vanEngelen,anassociate professorofcomputerscienceattheFlorida StateUniversity.Thereareanumberof SOAP-basedframeworkstochoosefrom thesedays,butgSOAPisoneofthemost performant.Insum,gSOAPisalightweight frameworkeasilyemployedtocreateWeb ServicesfromC/C++components.
AQuickIntroduction ThegSOAPdistributioncomeswithmany sampleprogramsthatshouldbesufficient togetupandrunningwiththeframework relativelyquickly.Forclarificationrelative tothisdiscussion,however,aquicktutorial forwritingaHelloWorldC++SOAPservice ispresented.Thisbriefexamplepresents thefundamentalelementsrequiredfor Web-enablinglegacysystemfunctionswritteninC/C++librariesusinggSOAP.
The New and Improved:
Now Including…
BPEL4WS 1.1 WS-BPEL 2.0 to Ten Things Your EII Ve nd May Not Te or ll You
Business Pr oc Orchestratio ess n
• Real-World Web Services: XML’s Killer App! • How to Use SOAP in the Enterprise • Demystifying ebXML for success • Authentication, Authorization, and Auditing • BPM - Business Process Management • Latest information on Evolving Standards • Vital technology insights from the nation’s leading Technologists • Industry Case Studies and Success Stories • Making the Most of .NET
• Web Services Security • How to Develop and Market Your Web Services • EAI and Application Integration Tips • The Marketplace: Tools, Engines, and Servers • Integrating XML in a Web Services Environment • Wireless: Enable Your WAP Projects and Build Wireless Applilcations with Web Services! • Real-World UDDI • Swing-Compliant Web Services • and much, much more!
www.WSJ2.com or 1-888-303-5252 OFFER SUBJECT TO CHANGE WITHOUT NOTICE.
www.WSJ2.com
June200635
INTEGRATION
The not-so-sexy side of SOA means addressing the problems associated with the legacy software behind the average enterprise firewall... AHelloWorldgSOAPServer ThefirststepwhenwritingaWebService istothinkaboutthefunctionalityyouwant toexposetotheworld.Inthiscase,our simpleHelloWorldfunctionwillbecalled shareLegacyData().Thiswillbetheentry pointofourSOAPendpoint.Thisfunction willinturncallafunctioninanexisting staticC++libraryandwillreturntheresults ofthelibrarycall.Listing1hastheC++code forthegSOAPserverexample. Oncecompiled,thisservercanberunas aCommonGatewayInterface(CGI)script inApacheorIISbyputtingtheresulting binaryinthecgi-bindirectoryofyourWeb serverasaquickwayofgettingagSOAP serverupandrunning.ButCGI-based gSOAPserversaren’ttheonlyoption.While it’sbeyondthescopeofthisarticleto discussgSOAPserversindepth,it’sworth notingthevariousserveroptions: 1.ServerscanbeaCGIprogram(asjust demonstrated). 2.ServerscanbeaCGIprogramusing FastCGIorwiththeApachemod_gsoap module. 3.UsethegSOAPframeworktowriteyour ownmulti-threadedstandaloneserver usingpthreads. Theservermethodyouchooseiscompletelyuptoyou.Obviouslytherearepros andconsassociatedwitheach.Compiling yourserverasasimpleCGIisprobably theeasiestroutewhengettingusedtothe framework.ProductiongSOAPservers shouldprobablyemploythesecondorthird optionbecauseoftheinherentinefficienciesassociatedwithCGI. Onekeyaspectofthissimpleexample isthesomewhatsubtleintegrationof theSimpleLibraryclass.Thislibrarycan becompiledasastaticorsharedC++ library.Ifcompiledasastaticlibrary, usingthislibraryinourexampleserver classisstraightforwardwhendeploying theWebServiceasaCGIserver.Once compiled,thefunctionsinthestaticSimpleLibraryclassgetbakedintotheend product–article.cgi–whichrequiresno additionalenvironmentalconfiguration asinListing1. 36June2006
IfSimpleLibraryiscompiledasashared library(*.so),however,theSimpleLibrary. sosharedlibrarycontainsfunctionality externaltoarticle.cgi(notbakedin),and mustthereforebeproperlyreferencedat runtimeusingenvironmentconfigurationslikeLD_LIBRARY_PATH,orotherwise makingsuregSOAPServercanfindthe requiredsharedlibraries.Asaresult,torun article.cgiinApacheusinglibSimpleLibrary.so,forexample,onecouldconfigure Apachebyaddingthefollowinglineto httpd.conf: httpd.conf Configuration SetEnv LD_LIBRARY_PATH /full/path/to/shared/lib
YoucouldalsocopylibSimpleLibrary.soto /usr/lib,forexample,toensurethelibraryis foundforuseatruntime.
AHelloWorldgSOAPClient Forourexample,thesupportingWSDL isgeneratedfromtheheaderfile(Server.h), whichisusedtogeneratethesupporting SOAPservercodeusingthesoapcpp2utility.IfyouhaveanexistingWSDL,C++client-sidecodeiseasilygeneratedusingthe wsdl2hutility.It’salsopossibletogenerate SOAPclientcodeautomaticallyfromWSDL filesusingothertoolkits.Forexample,the wscompileutilityintheJavaJaxRPCmodule oftheWSDP2.0toolkitcanbeusedtogenerateaJavaJaxRPCclientforagSOAPWeb Service. Server.h //gsoap ns1 service location: http://192.168.0.2/cgibin/article.cgi int ns1__shareLegacyData(char *&resp);
The//gsoapdirectiveintheheader filecanbeusedtospecify,amongother things,aSOAPendpointwhennotexplicitlysuppliedtotheclientapplication. TheclientC++sourcecodelistingisin Listing2 Andlastbutnotleast,inListing3there’s asimpleMakefilethatcanbeusedto: 1.Generatethenecessarystub/skeleton codefromtheheaderfile;
2.Compiletheexamplelegacylibrarycode; 3.Compiletheserverexampleand 4.Compiletheclientexample. Insummary,thissimpleHelloWorld examplehasdemonstratedthefundamentalsofbuildinganddeployingacomplete end-to-endWebServiceusinggSOAP–one thatmakesfunctionsdefinedinexternal C/C++librariesaccessiblethroughoutthe WebServicesuniverseusingHTTP.Sothis examplecanbeusedasatemplateformore sophisticatedlegacysystemsintegration usinggSOAP.
Conclusion ThesuccessfuluseofgSOAPforsolvingproblemsassociatedwithintegrating internallegacyapplicationcodewithnew softwaremodules,usingthepatternsand techniquesdescribedabove,makescertain keyassumptions: 1.Legacysystemapplicationcodeiswritten inC/C++and 2.Thelegacyfunctionsthatneedexposing willideallyalreadybeavailableinstaticor sharedC/C++libraries. Theseassumptionsdon’tinvariablyapply toallsituations,butwillundoubtedlyapply tosome,inwhichcasethelessonsshared inthisarticlemayprovehelpful.Onceemployed,however,theresultingWebServices willbeuniversallyaccessibleandusablefor yearstocome. AstheSOArevolutionprogresses,slowly butsurely,it’sbecomingmoreandmore evidenthowSOAcanbeleveragedtocreatecomplexnewfunctionalityquicklyby mixingandmashingWebcomponentsfrom aroundtheWebServicesuniverse,aswell astobreathenewlifeintolegacysystems code.FrameworkssuchasgSOAParepowerful,cost-effectivetoolsinfacilitatingthe developmentofWebServiceAPIsintended forbothinternalandexternalconsumption. Longlivetherevolution! AboutTheAuthor JamesCapleisasystemsengineerwithNorthropGrumman. www.WSJ2.com
Listing1:Server.cpp #include “soapH.h” /* include generated proxy and SOAP support */ #include “ns1.nsmap” #include “SimpleLibrary.h” int main() { soap_serve(soap_new()); } int ns1__shareLegacyData(struct soap *soap, char *&resp) { SimpleLibrary simple; /* Library containing legacy functions */ resp = simple.sayHello(); return SOAP_OK; }
Listing2:SimpleLibrary.h class SimpleLibrary { public: SimpleLibrary(); ~SimpleLibrary(); char * sayHello(); };
SimpleLibrary.cpp
/** ** This is a simple library example that can be ** compiled as either a static (.a) or shared (.so) ** library. **/ #include “SimpleLibrary.h” /** * A simple C++ constructor */ SimpleLibrary::SimpleLibrary() { } /** * A simple C++ deconstructor */ SimpleLibrary::~SimpleLibrary() { } /** * A simple library API, whose functionality will be exposed * as a Web Service. */ char * SimpleLibrary::sayHello()
www.WSJ2.com
{ }
return “Hello World”;
Listing3:Client.cpp #include “soapH.h” // obtain the generated stub #include “ns1.nsmap” // obtain the namespace mapping table int main() { struct soap soap; // gSOAP runtime environment char *resp; soap_init(&soap); // initialize runtime environment (only once) if (soap_call_ns1__shareLegacyData(&soap, NULL, NULL, resp) == SOAP_OK) std::cout