SOA Web Services (JUNE 2006 / VOLUME: 6 ISSUE 6)

Citation preview

THE฀WORLD’S฀LEADING฀MAGAZINE฀DEDICATED฀TO฀WEB฀SERVICES฀TECHNOLOGIES Visit฀us฀at฀www.WebServices.SYS-CON.com

JUNE฀2006฀/฀VOLUME:฀6฀฀ISSUE฀6

B���g��g฀���e��c��v��y฀ B���g��g฀���e��c��v��y฀ ��฀Web฀�e�v�ce�฀ ��฀Web฀�e�v�ce�฀

U���g฀AJAX

M�k��g฀�฀�ucce���u�฀ M�k��g฀�฀�ucce���u�฀

�OA฀T������������� B���g��g฀�OA฀��฀��e B���g��g฀�OA฀��฀��e

M�������e

�����������������

����������������������������� N! TIO RA ���������������������������� IST �� G � RE ��� RD ����4 � ��������������� -BI �� RLY ���� ����� EA

���

�

�����

Altova® XMLSpy® 2006 – The industry standard XML development environment.

Bring your

development plans to light Sneak a peek at XMLSpy ® 2006, and see how essential it is to master XML. Revealed in XMLSpy 2006 Release 3: �

Superior error messaging with dynamic hyperlinking

�

New XSLT 2.0 and XQuery profilers

�

Powerful trace points for XSLT debugging

�

Innovative restriction handling in XML Schema design Altova® XMLSpy, the industry standard XML development environment, is indispensable for modeling, editing, transforming, and debugging XML-related technologies. Illuminate your strategy with the world's leading XML editor, the original graphical schema designer, a code generator, file converters, debuggers, profilers, support for XSLT, XQuery, WSDL, SOAP, and a wealth of brilliant XML utilities and enlightened usability aides. Become a markup mastermind! Download XMLSpy® 2006 today: www.altova.com

XMLSpy is also available as part of the award-winning Altova XML Suite. Microsoft, Visual Studio, and .NET are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries.

JUNE฀2006฀/฀VOLUME:฀6฀ISSUE฀6

TABLE฀OF฀CONTENTS Visit฀us฀online฀at฀WebServices.SYS-CON.com

Inside฀This฀Issue SOA

�� Raghu฀ Anantharangachar฀

T�e฀A��฀��฀�e�v�ce฀O��e������� M��e฀����฀�������฀��฀��e��ec��ve

฀FROM฀THE฀EDITOR

����ec�(��g)฀����� By฀Sean฀Rhody

.....................................................................................

7

฀INDUSTRY฀COMMENTARY

U฀D��’�฀De���y฀�� By฀Ajit฀Sagar

.....................................................................................

8

฀STRATEGIES

M�������e฀��฀�OA฀� T�e฀Pe���e฀E��ec� H�w฀��฀����y฀��������e฀ex�e���฀��฀�฀ �e��u�ce฀��฀��e฀w���d฀��฀�OA

�4

By฀Robert฀Morris

................................................................................ ฀PRODUCT฀REVIEW

M��d�ee�฀�OAP�c��e฀�e�ve� T�e฀���e฀d�����bu�ed฀deve����e��฀e�v�����e��

�8

By฀Brian฀Barbash

................................................................................ ฀INTEGRATION

INTEGRATION

��

Tieu฀Luu,฀ Riad฀Assir,฀and฀ Sandeep฀Maripuri

�OA฀D���฀�����egy

V����฀��฀�฀�ucce���u�฀�OA฀��������������

Leve��g��g฀g�OAP฀��� Leg�cy฀�y��e��฀���eg������ T�e฀�OA฀�ev��u����฀���g�e��e�

34

By฀James฀Caple฀

................................................................................ ฀NETWORKING

T�e฀Bu���e��฀Be�efi฀��฀��฀ ����ed฀�e�v�ce�฀��฀��฀�OA O�g���z�������฀���eg������฀����ug�฀�฀ �e�v�ce�฀�e�w��k��g฀������c� By฀Frank฀Martinez

38

................................................................................ ฀XML

XQue�y:฀A฀�6��Deg�ee฀V�ew BPD

3� Stuart฀Burris

�eve��ye��฀e�����฀���duce�฀ dec������ve฀XML฀���ce����g฀���gu�ge By฀Dr.฀Daniela฀Florescu

44

................................................................................ ฀AJAX

B���g��g฀���e��c��v��y฀��฀Web฀ �e�v�ce�฀U���g฀AJAX T�e฀cu��e��฀����u�฀��฀Web฀�����c������ By฀Manivannan฀Gopalan฀and฀Mohit฀Chawla

48

................................................................................

T�e฀Ev��u����฀��฀�OA� B���g��g฀�OA฀��฀��e฀��������e www.WSJ2.com

฀SOA

�OA฀��d฀U�e�฀���e���ce� T�e฀b���c�

By฀David฀S.฀Linthicum

��

................................................................................

June฀2006฀฀3฀฀

so a m a k e y o u r ^ s e c u r i t y m o v e s w i s e ly. . .

web services diagnostics

web services firewall

vulnerability containment service

soa security gateway

Putting together the pieces for the world’s most demanding SOA security systems

Forum Systems Enterprise SOA Security Solutions: • t r u st e d s oa m i d d l ewa r e • w e b s e rv i c e s s ec u r i t y • x m l acc e l e r at i o n w

w

w

.

f

o

r

u

m

s

y

s

t

e

m

s

.

the leader in web services & soa security

c

o

m

FROM฀THE฀EDITOR www.Web�e�v�ce�.�Y���ON.c��

�NTERNAT�ONAL฀ADV��ORY฀BOARD฀ ������฀������฀�����฀���������฀������฀������฀�����฀��������฀฀ ����฀�������฀����฀������฀������฀�������฀�������฀������฀��������฀ �����฀���������฀�����฀�������฀����฀������฀������฀����

฀ TE�HN��AL฀ADV��ORY฀BOARD

Collect(ing)฀Calls WRITTEN฀BY฀SEAN฀RHODY

��฀�����������฀����฀��������฀�������฀��฀�����฀������฀��������

฀ ED�TOR�AL฀ ฀ Ed�����������e� ����฀�����฀฀����������������

฀ XML฀Ed���� ������฀����

฀ ��du���y฀Ed���� �������฀������฀฀�������������������

฀ P��duc�฀Rev�ew฀Ed����

�����฀�������฀฀��������������������

฀ .NET฀Ed����

����฀�����฀฀���������������������

฀ �ecu���y฀Ed����

�������฀������฀฀�����������������������

฀ Re�e��c�฀Ed����

�������฀������฀����฀฀�������������������

฀ Tec���c��฀Ed�����

������฀�����฀฀��������������������� �����฀��������฀฀�������������������������� ����฀������฀�����฀฀�������������� ����฀����฀฀����������������� �������฀�����฀฀��������������

฀ ���e���������฀Tec���c��฀Ed���� ����฀�����฀฀���������������������

฀ Execu��ve฀Ed����

�����฀���������฀฀฀�����������������

฀ O����e฀Ed����฀

�����฀���������฀฀����������������� ฀

฀ PRODU�T�ON฀ ฀ ART฀D�RE�TOR

����฀������฀฀����������������

฀ A��O��ATE฀ART฀D�RE�TOR� �������฀����฀฀������������������� �����฀��฀�������฀฀����������������� ����฀������฀฀����฀������������

฀ WR�TER�฀�N฀TH��฀���UE฀ �����฀�����������������฀����฀������฀�����฀��������฀������฀�������฀�����฀ ������฀�����฀������฀��������฀���������฀����������฀��������฀�����฀ ����������฀����฀����฀�������฀���������฀�����฀���������฀������฀�������฀ ����฀������

฀ ED�TOR�AL฀O����E�฀ �������฀����� ���฀��������฀�����฀�����฀���������฀��฀���4� ����������฀���฀��������฀฀����฀���฀�������� ���฀��������฀�������฀�����#฀���������� ��฀���������฀�������฀���฀�����฀�฀����� ��฀฀�������฀�������������฀���� �����������฀�������฀������� ���������฀��฀���4�฀���฀����������฀�������฀�����s �����������฀����฀�������฀�������฀��� ���฀��������฀��������฀�������฀�������������฀���� ���฀��������฀�����฀�����฀���������฀��฀���4�

฀ ©�OPYR�GHT฀

���������฀©฀����฀��฀�������฀�������������฀����฀���฀������฀���������฀��฀����฀��฀����฀�����������฀���฀��฀ ����������฀��฀�����������฀��฀���฀����฀��฀��฀���฀������฀����������฀��฀�����������฀���������฀���������฀��฀���฀ �����������฀�������฀���฀���������฀������฀�������฀�������฀�����������฀���฀�����������฀���������฀�������฀�������฀ ������������฀�������฀�������������฀�����฀��������฀���฀�����฀��฀�������฀����������฀���฀���������฀���฀�������฀��฀ ���฀���฀��������฀���������฀���฀������������฀���฀�����฀���฀�������฀�����฀����฀��฀�����฀�����฀���฀�����฀������฀ �������฀������฀��฀����������฀��฀�����฀����������฀����������฀�������฀�������������฀�����฀��฀���฀���������฀����฀ ���฀���������฀��฀��������฀�������฀��฀���฀��������฀��������฀฀

�

’m฀sitting฀in฀the฀airport,฀waiting฀for฀my฀end-of-week฀flight,฀and฀listening฀to฀the฀latest฀ security฀controversy.฀Apparently฀the฀government฀has฀compiled฀a฀database฀of฀phone฀records฀as฀part฀of฀their฀fight฀against฀terrorism฀–฀the฀theory฀being฀that฀by฀analyzing฀the฀call฀ patterns฀and฀using฀some฀social฀engineering,฀they฀might฀be฀able฀to฀identify฀terrorist฀activity.฀ ฀ I฀have฀no฀idea฀if฀this฀is฀legal฀or฀not,฀but฀certainly฀it’s฀something฀I฀never฀expected฀while฀I฀ was฀using฀my฀phone.฀I฀suspect฀that฀many฀people฀besides฀me฀expected฀their฀communications฀to฀be฀confidential.฀Apparently฀the฀phone฀companies฀felt฀that฀was฀not฀the฀case.฀ ฀ A฀few฀months฀ago,฀a฀bank฀that฀I฀do฀business฀with฀lost฀a฀tape฀with฀all฀sorts฀of฀personal฀ information฀pertaining฀to฀its฀customers.฀They฀later฀recovered฀the฀tape,฀but฀not฀before฀they’d฀ had฀to฀send฀out฀a฀note฀to฀all฀of฀us฀letting฀us฀know฀our฀identities฀were฀in฀jeopardy.฀ ฀ Sadly,฀these฀are฀just฀some฀of฀the฀problems฀that฀present฀themselves฀in฀the฀wired฀world.฀ They’re฀not฀even฀examples฀of฀malicious฀behavior฀(I฀give฀the฀government฀the฀benefit฀of฀the฀ doubt);฀they’re฀just฀things฀that฀happen฀in฀the฀course฀of฀doing฀business,฀or฀running฀the฀country.฀ ฀ While฀these฀incidents฀don’t฀pertain฀directly฀to฀Web฀services฀security,฀or฀to฀securing฀an฀SOA,฀they฀certainly฀illustrate฀the฀complexity฀of฀ the฀problem฀and฀the฀seriousness฀of฀the฀issues.฀ ฀ Security฀is฀a฀fundamental฀IT฀issue,฀one฀that฀has฀been฀growing฀in฀ complexity฀and฀difficulty฀since฀the฀invention฀of฀the฀network฀card.฀ We฀all฀have฀information฀that฀is฀important฀to฀us,฀and฀keeping฀that฀ information฀private฀is฀something฀we฀expect฀from฀the฀organizations฀ that฀we฀share฀our฀information฀with.฀ ฀ SOA฀and฀Web฀services฀provide฀ease฀of฀communication฀and฀ mechanisms฀for฀widespread฀distribution฀of฀application฀functionality,฀often฀outside฀the฀boundaries฀of฀the฀enterprise.฀Many฀businessto-consumer฀sites,฀for฀example,฀provide฀Web฀services฀interfaces฀to฀ do฀things฀like฀bid฀on฀an฀auction฀or฀purchase฀an฀item.฀During฀the฀ transaction,฀sensitive฀information฀is฀transmitted.฀ ฀ It’s฀our฀expectation฀that฀this฀information฀will฀be฀protected,฀both฀when฀the฀transaction฀occurs฀and฀in฀the฀future.฀This฀requires฀security฀in฀many฀areas.฀During฀the฀transaction,฀establishing฀a฀secured฀connection฀and฀protecting฀the฀information฀transfer฀from฀snooping฀eyes฀ is฀critical.฀Once฀the฀information฀is฀inside฀a฀company฀that฀employs฀an฀SOA฀infrastructure฀ to฀support฀its฀applications,฀it’s฀critical฀that฀all฀avenues฀to฀that฀information฀be฀safeguarded฀ as฀well.฀This฀includes฀protecting฀databases฀from฀attacks,฀as฀well฀as฀ensuring฀that฀access฀to฀ all฀of฀our฀sensitive฀information฀is฀both฀controlled฀and฀monitored,฀so฀that฀the฀classic฀disgruntled฀employee฀or฀corporate฀spy฀cannot฀simply฀siphon฀off฀all฀of฀our฀information฀to฀sell฀ to฀criminals.฀This฀is฀not฀an฀easy฀task,฀and฀the฀various฀legislative฀programs฀such฀as฀HIPPA,฀ which฀requires฀privacy฀for฀health฀records,฀can฀make฀the฀task฀even฀more฀challenging.฀ ฀ There’s฀a฀balance฀too,฀between฀privacy฀and฀efficiency.฀Yes,฀I’d฀like฀my฀doctors฀to฀be฀able฀ to฀see฀my฀records฀in฀an฀emergency,฀but฀at฀the฀same฀time,฀I’m฀not฀sure฀I฀want฀my฀insurance฀company฀to฀be฀able฀to฀do฀the฀same฀thing.฀Without฀question,฀creating฀an฀intelligent฀ approach฀to฀information฀security฀is฀a฀complex฀task.฀Data฀never฀really฀disappears฀once฀you฀ provide฀it฀to฀another฀source฀–฀and฀we฀have฀to฀all฀realize฀that฀providing฀information฀may฀ have฀consequences฀that฀we฀never฀imagined.฀We฀have฀a฀responsibility฀as฀well฀to฀be฀diligent฀ and฀to฀not฀allow฀social฀engineering฀and฀Internet฀scams฀to฀take฀us฀in.฀Responsibility฀starts฀ with฀us,฀and฀extends฀to฀the฀people฀we฀trust฀with฀our฀information.฀ ฀ Our฀focus฀in฀this฀issue฀is฀on฀SOA฀and฀Web฀services฀security.฀This฀is฀always฀an฀important฀ topic฀and,฀certainly฀in฀light฀of฀recent฀events,฀one฀of฀interest฀to฀all฀of฀us฀who฀work฀in฀information฀technology.฀฀฀ About฀the฀Author Sean฀Rhody฀is฀the฀editor-in-chief฀of฀SOA฀Web฀Services฀Journal.฀He฀is฀a฀respected฀industry฀expert฀and฀a฀consultant฀with฀a฀ leading฀consulting฀services฀company.฀[email protected]

www.�Y���ON.c��

June฀2006฀฀7฀฀

INDUSTRY฀COMMENTARY

U฀Don’t฀Deploy฀It

www.Web�e�v�ce�.�Y���ON.c��

�ORPORATE ฀ P�e��de��฀��d฀�EO

WRITTEN฀BY฀AJIT฀SAGAR

�฀

few฀years฀ago,฀when฀Web฀services฀started฀out฀as฀a฀buzzword฀in฀the฀enterprise,฀the฀ whole฀paradigm฀was฀associated฀with฀(and฀still฀is)฀associated฀with฀three฀concepts฀ –฀SOAP,฀WSDL,฀and฀UDDI.฀Now,฀when฀enterprises฀are฀putting฀Web฀services฀into฀production,฀you฀will฀most฀likely฀see฀two฀out฀of฀the฀three฀stakes฀being฀driven฀into฀the฀ground,฀ but฀I฀have฀yet฀to฀see฀any฀real฀adoption฀of฀the฀“dynamic”฀part฀of฀any฀Web฀services฀implementation.฀Web฀services฀are฀taking฀root฀as฀a฀very฀feasible฀platform฀for฀achieving฀service฀orientation฀(not฀the฀only฀platform,฀mind฀you),฀but฀none฀of฀the฀clients฀that฀I฀have฀interacted฀with฀ have฀any฀plan฀to฀adopt฀a฀UDDI-based฀service฀registry฀in฀the฀near฀or฀long฀term. ฀฀฀฀฀W3C฀defines฀a฀Web฀service฀as฀“a฀software฀system฀identified฀by฀a฀URI,฀whose฀public฀interfaces฀and฀bindings฀are฀defined฀and฀described฀using฀XML.฀Its฀definition฀can฀be฀discovered฀ by฀other฀software฀systems.฀These฀systems฀may฀then฀interact฀with฀the฀ Web฀service฀in฀a฀manner฀prescribed฀in฀its฀definition฀using฀XML-based฀ messages฀conveyed฀over฀Internet฀protocols.”฀Ironically,฀the฀definition฀ does฀not฀mention฀WSDL฀as฀the฀mandated฀standard฀for฀defining฀and฀ describing฀the฀Web฀service,฀SOAP฀as฀the฀XML-based฀message฀format,฀ or฀UDDI฀as฀the฀means฀of฀“discovering฀the฀definition.”฀The฀only฀things฀ mandated฀by฀the฀definition฀is฀the฀usage฀of฀XML.฀However,฀as฀we฀know,฀ the฀standard฀Web฀Services฀Architecture฀specification฀assumes฀SOA,฀ WSDL,฀and฀UDDI.฀The฀definition฀and฀protocol฀aspects฀are฀definitely฀ standardized฀and฀being฀deployed฀in฀enterprise฀applications.฀However,฀ the฀discovery฀aspect฀still฀remains฀a฀pie฀in฀the฀sky฀as฀far฀as฀its฀actual฀application฀in฀the฀enterprise฀is฀concerned. ฀ Web฀services฀is฀a฀platform฀for฀achieving฀SOA.฀In฀order฀to฀have฀reusable฀services,฀a฀ component/service฀repository฀is฀a฀very฀valuable฀artifact.฀However,฀a฀public฀repository฀that฀ can฀be฀used฀by฀multiple฀parties฀to฀locate฀universally฀available฀services฀across฀distributed฀ locations฀is฀still฀a฀bit฀of฀an฀overkill฀in฀the฀industry฀today.฀UDDI฀is฀not฀necessary฀for฀categorizing฀services.฀Dynamic฀discovery฀and฀binding฀are฀very฀interesting฀concepts,฀until฀they฀ are฀actually฀applied฀to฀the฀way฀businesses฀today,฀and฀in฀the฀foreseeable฀future,฀will฀interact฀ with฀other฀businesses. ฀ While฀the฀conceptualization,฀development,฀deployment,฀and฀maintenance฀of฀ubiquitous฀ yellow฀pages฀is฀inherently฀complex,฀I฀don’t฀think฀that฀is฀the฀crux฀of฀the฀problem.฀The฀bottom฀ line฀is฀that฀you฀actually฀need฀a฀viable฀business฀model฀to฀apply฀the฀technology฀too.฀Think฀of฀ our฀evolution฀from฀RPC฀to฀CORBA,฀to฀RMI฀(in฀Java)฀to฀Web฀services.฀Dynamic฀invocation฀ has฀always฀had฀the฀“coolness”฀factor฀to฀it,฀but฀has฀never฀really฀found฀a฀home฀in฀prevalent฀ business฀models.฀A฀few฀years฀back฀when฀all฀of฀us฀were฀drinking฀the฀Kool-Aid฀and฀dreaming฀ about฀public฀marketplaces฀where฀participants฀of฀all฀levels฀could฀participate฀in฀a฀transaction,฀the฀whole฀concept฀of฀multi-party,฀multi-transactional฀architectures฀didn’t฀really฀take฀ off.฀This฀was฀not฀a฀failing฀in฀technology.฀It฀was฀a฀failing฀in฀the฀application฀of฀viable฀technology฀to฀a฀non-existent฀business฀model.฀How฀could฀parties฀conducting฀serious฀trade฀put฀their฀ trust฀in฀companies฀who฀were฀here฀today,฀but฀may฀be฀gone฀tomorrow? ฀ UDDI฀seems฀to฀in฀a฀similar฀situation.฀We฀have฀a฀long฀way฀to฀go฀before฀transactions,฀based฀ on฀a฀random฀search,฀can฀be฀conducted฀without฀a฀formally฀established฀trust฀relationship฀ between฀two฀parties.฀In฀the฀end,฀transactions฀are฀conducted฀between฀a฀consumer฀and฀a฀supplier,฀and฀these฀two฀parties฀establish฀relationships฀well฀in฀advance฀before฀exchanging฀goods. ฀ On฀a฀different฀note,฀if฀you฀are฀a฀looking฀for฀a฀good฀book฀that฀discusses฀Web฀services฀from฀ several฀perspectives,฀check฀out฀Perspectives฀on฀Web฀Services฀by฀Zimmerman,฀Tomlinson,฀ and฀Peuser.฀A฀review฀is฀available฀on฀my฀blog฀http://ajitsagar.javadevelopersjournal.com.฀฀ About฀the฀Author Ajit฀Sagar฀is฀a฀principal฀architect฀with฀Infosys฀Technologies,฀Ltd.,฀a฀global฀consulting฀and฀IT฀services฀company.฀Ajit฀has฀been฀ working฀with฀Java฀since฀1997,฀and฀has฀more฀than฀15฀years฀experience฀in฀the฀IT฀industry.฀During฀this฀tenure,฀he’s฀been฀a฀ programmer,฀lead฀architect,฀director฀of฀engineering,฀and฀product฀manager฀for฀companies฀from฀15฀to฀25,000฀people฀in฀size.฀Ajit฀ has฀served฀as฀JDJ’s฀J2EE฀editor,฀was฀the฀founding฀editor฀of฀XML฀Journal,฀and฀has฀been฀a฀frequent฀speaker฀at฀SYS-CON’s฀Web฀ Services฀Edge฀series฀of฀conferences,฀JavaOne,฀and฀international฀conference.฀He฀has฀published฀more฀than฀125฀articles.

����฀��������฀฀����������������

G��u�฀Pub����e� ������฀������฀฀������������������

฀ ฀ ADVERT���NG ฀ �e����฀VP,฀���e�฀&฀M��ke���g ������฀��������฀฀������������������

฀ VP,฀���e�฀&฀M��ke���g

�����฀���������฀฀�����������������

฀ Adve������g฀D��ec���

�����฀�����฀฀�����������������

฀ Adve������g฀M���ge�

�����฀�����฀฀�����������������

฀ A���c���e฀���e�฀M���ge��

�����฀������฀฀�����������������฀฀

฀ ฀ �Y���ON฀EVENT� ฀ A���c���e฀Eve��฀M���ge� ������฀����฀฀������������������

฀ ฀ ฀ �U�TOMER฀RELAT�ON� ฀ ���cu������฀�e�v�ce฀����d������ ����฀�����฀�������฀฀����������������

฀ ฀ �Y���ON.�OM ฀ VP฀�����������฀�y��e�� ������฀�������฀฀������������������

฀ Web฀De��g�e��

�������฀���������฀฀������������������� �����฀�������฀฀�����������������

฀ ฀ A��OUNT�NG ฀ �����c���฀A���y�� ����฀������฀฀����������������

฀ Acc�u���฀P�y�b�e

�����฀�����฀฀�����������������

฀ Acc�u���฀Rece�v�b�e

����฀������฀฀�����������������

฀ ฀ �UB��R�PT�ON� ��������������������� ��������������฀��฀�������������� ���฀�������������฀���฀��������฀���฀����฀�������฀ ������฀����฀����฀�������฀��฀������������฀���������� �����฀������฀����������� ���������฀���������฀���฀������� ��������������฀��������� ���฀�����฀����������฀��������� �����฀�����฀��฀�����฀������� W���dw�de฀New�����d฀D�����bu����: ������฀�����������฀��������฀���฀��������฀�� ���฀����฀�e����฀�����������:฀ �����฀��������฀�4�฀�������4�฀����������������������������;฀ �����฀��������฀�4�฀���������฀����������������������������� �������฀�������������฀�����฀��������฀���฀�����฀��฀�������฀ ���������฀���฀���������฀���฀�������฀��฀���฀���฀��������฀ ���������฀���฀������������

[email protected] www.�Y���ON.c��

8฀฀June฀2006

BPEL is the SQL of SOA

Get started building next-generation SOA applications with the leading vendor of BPEL technologies

Download BPEL tooling & server software today

������������������

activeBPEL BPEL consulting, certification and training. BPEL design tools, servers and source code for Eclipse, Apache Tomcat, JBoss, WebSphere, WebLogic, BizTalk and Microsoft .NET. Copyright 2006 Active Endpoints, Inc. All Rights Reserved. All product names are trademarks or service marks of their respective companies.

SERVICE-ORIENTED฀ ARCHITECTURE

The฀Art฀

of฀Service฀ Orientation

More฀than฀optimal฀is฀ineffective WRITTEN฀BY฀RAGHU฀ANANTHARANGACHAR฀

฀Service฀Oriented฀Architecture฀(SOA)฀refers฀to฀an฀architectural฀ solution฀that฀creates฀an฀environment฀in฀which฀services,฀service฀ consumers,฀and฀service฀producers฀co-exist฀yet฀have฀no฀dependence฀on฀each฀other.฀SOA฀enables฀an฀enterprise฀to฀increase฀the฀ loose฀coupling฀and฀the฀reuse฀of฀frequently฀used฀software฀assets.฀ These฀software฀assets฀together฀with฀the฀functionality฀that฀they฀ provide฀are฀called฀services฀in฀SOA฀terminology.฀By฀nature฀SOAs฀ are฀typically฀applied฀to฀solutions฀with฀highly฀volatile฀requirements.฀

�

n฀this฀article฀the฀emphasis฀will฀be฀on฀how฀to฀apply฀service฀ orientation฀to฀solve฀a฀problem฀at฀the฀enterprise฀level฀and฀how฀ to฀decide฀how฀much฀service฀orientation฀is฀“optimal.”฀The฀word฀ optimal฀means฀the฀point฀of฀maximum฀pay-off฀for฀the฀investment฀ specified฀and฀implies฀that฀once฀that฀optimal฀point฀is฀crossed฀either฀ the฀return฀on฀investment฀tends฀to฀drop฀or฀the฀return฀doesn’t฀grow฀ proportionate฀to฀the฀investment. ฀ Here฀we’ll฀attempt฀to฀indicate฀some฀key฀points฀that฀can฀be฀used฀in฀ making฀decisions฀about฀how฀much฀service฀orientation฀is฀optimal.

10฀฀June฀2006

SOA฀Solution฀Overview ฀ An฀SOA฀solution฀refers฀to฀a฀solution฀built฀using฀SOA฀concepts฀and฀ to฀realize฀a฀SOA฀solution฀it’s฀necessary฀to฀map฀the฀architecture฀to฀an฀ implementation฀using฀a฀specific฀set฀of฀technologies/products/platforms.฀As฀with฀any฀other฀solution,฀a฀SOA฀solution฀is฀characterized฀ by฀a฀set฀of฀mandatory฀(and฀optional)฀components.฀(See฀Figure฀1฀for฀ the฀main฀components฀of฀an฀SOA฀solution.) ฀ A฀complete฀SOA฀solution฀consists฀of฀these฀main฀components: •฀ Producer:฀A฀producer฀is฀an฀entity฀that฀offers฀a฀specific฀service฀or฀ functionality.฀A฀producer฀usually฀registers฀the฀functionality฀that฀it฀ provides฀and฀the฀interface฀that฀has฀to฀be฀invoked฀to฀make฀use฀of฀ the฀service฀in฀the฀repository. •฀ Consumer:฀A฀consumer฀is฀the฀entity฀that฀makes฀use฀of฀the฀service฀ offered฀by฀the฀producer.฀A฀consumer฀looks฀up฀the฀repository฀and฀ identifies฀the฀details฀about฀the฀service฀including฀the฀interface.฀It฀ then฀invokes฀the฀service฀using฀the฀appropriate฀invocation฀mechanism. •฀ Service:฀A฀service฀is฀the฀entity฀that฀does฀a฀specific฀task฀when฀invoked.฀It฀always฀does฀the฀same฀task฀regardless฀of฀how฀it’s฀invoked.฀ It’s฀provided฀either฀by฀a฀business฀process฀or฀a฀set฀of฀business฀ activities฀realized฀using฀a฀programming฀language. •฀ Contract:฀A฀contract฀or฀an฀interface฀specifies฀the฀format฀in฀which฀ the฀data฀is฀provided฀to฀the฀service฀to฀do฀a฀specific฀task.฀It฀also฀ identifies฀the฀invocation฀mechanism฀to฀invoke฀the฀service. •฀ Repository:฀A฀repository฀is฀a฀glorified฀version฀of฀the฀registry฀and฀ includes฀the฀metadata฀relevant฀to฀the฀solution,฀namely฀the฀service,฀service฀contract,฀data/object฀model,฀and฀so฀on.฀A฀repository฀

www.WSJ2.com

stores฀the฀details฀about฀every฀service฀that฀can฀be฀invoked฀and฀ the฀details฀about฀how฀to฀invoke฀it฀which฀includes฀the฀interface฀ details,฀invocation฀mechanism,฀and฀so฀on.

Problem฀Description ฀ SOA฀is฀making฀big฀strides฀into฀every฀company฀and฀penetrating฀ into฀every฀business฀in฀some฀way฀or฀the฀other.฀While฀the฀analyst฀ forums฀are฀focused฀on฀evolving฀the฀benefits฀of฀SOA฀from฀a฀business฀ perspective,฀standards฀bodies฀are฀involved฀in฀evolving฀the฀standards฀needed฀by฀SOA฀to฀build฀an฀open฀architecture฀that฀standardizes฀SOA฀solutions฀across฀all฀industries.฀This฀has฀resulted฀in฀every฀ company฀being฀pushed฀to฀“assimilate”฀SOA฀in฀its฀“blood”฀and฀use฀ SOA฀as฀a฀universal฀phenomenon.฀In฀other฀words,฀every฀company฀ takes฀pride฀in฀using฀SOA฀in฀every฀communication,฀every฀newsletter,฀every฀project,฀and฀so฀on฀without฀making฀a฀conscious฀decision฀ about฀how฀much฀is฀“enough.”฀This฀situation฀can฀lead฀to฀a฀company฀ over-investing฀and฀diluting฀the฀SOA฀concept.฀It฀can฀potentially฀ impact฀both฀the฀company฀and฀the฀SOA.฀As฀a฀result,฀it’s฀very฀likely฀ that฀the฀company฀might฀“burn฀through”฀its฀finances฀or฀attribute฀ its฀failure฀to฀SOA.฀So฀it’s฀necessary฀to฀understand฀how฀much฀SOA฀is฀ optimal฀and฀decide฀where฀SOA฀should฀and฀shouldn’t฀be฀used.

SOA฀Impact฀Zones ฀ SOA฀typically฀covers฀all฀aspects฀of฀an฀enterprise฀when฀applied฀in฀ full.฀Though฀it’s฀likely฀that฀every฀company฀may฀not฀have฀reached฀ the฀maturity฀of฀applying฀SOA฀to฀all฀its฀departments,฀our฀focus฀is฀on฀ the฀Service฀Oriented฀Enterprises฀(SOEs)฀that฀use฀SOA฀broadly.฀Some฀ of฀the฀key฀impact฀zones฀include฀the฀following:

2.฀Architecture฀Zone ฀ The฀architecture฀zone฀implies฀all฀the฀aspects฀of฀the฀technical฀architecture฀that’s฀part฀of฀the฀SOA฀solution.฀This฀includes฀the฀various฀ views฀of฀the฀architecture฀itself฀like฀the฀business฀view,฀technical฀view,฀ implementation฀view,฀functional฀view,฀support฀view,฀and฀so฀on.฀ These฀views฀help฀define฀a฀complete฀system฀that฀can฀support฀SOA.฀ This฀zone฀can฀be฀classified฀into฀the฀following฀sub-zones:

Providers ฀ Providers฀are฀the฀assets฀that฀provide฀a฀specific฀functionality.฀It’s฀ necessary฀to฀decide฀how฀much฀provider฀functionality฀has฀to฀be฀ automated.฀As฀we฀would฀all฀agree,฀every฀enterprise฀should฀have฀ an฀evolution฀scheme฀that฀would฀initially฀start฀with฀a฀manual฀set฀ of฀processes,฀technology,฀and฀solutions฀that฀would฀graduate฀into฀ a฀semi-manual฀(partially฀automated)฀set฀of฀processes,฀technology,฀ and฀solutions.฀It’s฀only฀with฀repetitive฀use฀–฀and฀against฀specific฀ requirements฀–฀that฀a฀company฀should฀consider฀automation.฀It฀may฀ be฀perfectly฀fine฀to฀leave฀specific฀functionality฀as฀a฀manual฀task.฀ For฀example,฀in฀the฀case฀of฀mobile฀operators,฀it฀might฀be฀okay฀to฀ automate฀only฀the฀provisioning฀processes,฀but฀leave฀the฀rollback฀ processes฀as฀manual฀tasks฀for฀the฀operator฀to฀do.฀The฀amount฀of฀ investment฀required฀to฀automate฀these฀rollback฀processes฀wouldn’t฀ result฀in฀a฀proportionate฀pay-off.฀

Producer

1.฀Program฀Governance฀and฀Management฀Zone ฀ An฀enterprise’s฀program฀management฀and฀governance฀groups฀are฀ definitely฀impacted.฀In฀this฀context,฀it’s฀good฀to฀understand฀what฀ the฀functions฀of฀these฀groups฀are.฀Key฀functions฀include฀providing฀ a฀strong฀rules฀base฀for฀the฀SOA฀program฀and฀support฀in฀terms฀of฀ defining฀the฀hierarchy฀of฀management฀staff,฀their฀roles,฀responsibilities,฀interactions฀with฀other฀management฀staff,฀and฀so฀on.฀In฀ this฀context,฀it’s฀necessary฀to฀use฀certain฀management฀models฀(like฀ patterns฀in฀the฀software฀industry)฀to฀define฀the฀functionality฀clearly.฀ The฀tendency฀is฀to฀have฀a฀“fully”฀automated฀governance฀system฀in฀ place฀(typically฀called฀e-governance)฀that฀can฀address฀and฀support฀ SOA’s฀deployment฀in฀the฀enterprise.฀ ฀ The฀following฀points฀help฀identify฀the฀level฀of฀automation฀required฀while฀working฀out฀a฀governance฀body฀for฀an฀enterprise: •฀ The฀size฀of฀the฀enterprise.฀How฀big฀is฀the฀organization?฀This฀is฀a฀ key฀question฀to฀be฀posed฀before฀working฀out฀a฀huge฀governance฀ program.฀If฀SOA฀coverage฀is฀small฀(say,฀less฀than฀20฀people)฀then฀ it฀makes฀sense฀to฀have฀manual฀processes.฀It’s฀widely฀believed฀that฀ automation฀only฀makes฀sense฀in฀huge฀organizations฀since฀automation฀requires฀a฀huge฀investment. •฀ The฀number฀of฀SOA฀deployments.฀How฀many฀SOA฀deployments฀ will฀the฀program฀governance฀cover?฀If฀there฀are฀only฀few฀projects฀ (say฀less฀than฀five)฀then฀it฀probably฀makes฀sense฀to฀use฀manual฀ processes. •฀ Future฀plans฀and฀forecasting฀for฀SOA฀growth.฀What฀is฀the฀projection฀for฀future฀SOA฀growth฀and฀expansion?฀This฀is฀another฀important฀point฀to฀keep฀in฀mind฀while฀deciding฀on฀the฀SOA฀governance฀ panel.฀However,฀remember฀that฀projections฀don’t฀necessarily฀ materialize฀and฀even฀if฀the฀future฀seems฀bright,฀it’s฀better฀to฀make฀ provision฀for฀additional฀growth฀in฀the฀governance฀panel฀and฀ processes,฀but฀not฀necessarily฀invest฀in฀it.

www.WSJ2.com

Integration

Repository

Consumer

Figure฀1:฀SOA฀solution฀components

Some฀tips฀include: •฀ How฀much฀provider฀functionality฀is฀going฀to฀be฀reused฀ externally฀and฀so฀externally฀published?฀For฀example,฀while฀ building฀an฀inventory฀modeling฀application,฀we฀might฀want฀to฀ expose฀only฀the฀coarse-grained฀provider฀functions฀like฀create_ a_dsl_model_in_inventory฀and฀decide฀to฀keep฀all฀the฀internal฀ atomic฀functions฀used฀to฀create฀the฀model฀as฀internal฀(like฀the฀ create_a_dsl_equipment,฀create_a_port,฀enable_a_port฀and฀ so฀on).฀With฀this฀step,฀it’s฀possible฀to฀“balance”฀the฀number฀of฀ interfaces/services฀exposed฀outside฀and฀those฀that฀have฀to฀be฀ internal.฀ •฀ How฀much฀provider฀functionality฀is฀internal฀but฀used฀in฀other฀ applications฀and฀so฀has฀to฀be฀internally฀published?฀In฀this฀ case,฀the฀internal฀functions฀are฀aggregated฀and฀in฀aggregating฀ them฀we฀would฀have฀to฀invoke฀the฀internal฀functions.฀When฀ doing฀this,฀we฀might฀want฀to฀create฀internal฀or฀locally฀shared฀ functionality฀and฀make฀it฀available฀to฀other฀internal฀functions฀or฀ applications.

June฀2006฀฀11฀฀

SERVICE-ORIENTED฀ ARCHITECTURE

•฀ How฀much฀of฀provider฀functionality฀won’t฀be฀reused฀or฀is฀legacy฀ and฀so฀doesn’t฀require฀loose฀coupling฀resulting฀in฀direct฀interface฀invocation?฀To฀understand฀this฀point,฀it’s฀necessary฀to฀know฀ how฀much฀of฀the฀provider฀functionality฀is฀being฀developed฀from฀ scratch฀and฀how฀much฀is฀being฀reused฀from฀other฀applications฀ (which฀are฀legacy).฀Legacy฀functionality฀isn’t฀typically฀attempted฀ for฀further฀break-up฀since฀it฀takes฀more฀time฀and฀effort฀to฀re-engineer,฀and฀re-engineering฀doesn’t฀guarantee฀the฀same฀behavior฀ and฀performance.฀So,฀it฀might฀be฀necessary฀to฀“wrap”฀the฀legacy฀ functionality฀with฀a฀SOA-based฀provider฀and฀expose฀only฀the฀final฀ aggregated฀functionality฀to฀the฀outside฀world.฀The฀other฀provider฀ functionality฀doesn’t฀have฀to฀be฀loosely฀coupled฀and,฀in฀fact,฀can฀ remain฀monolithic. •฀ How฀much฀provider฀functionality฀really฀requires฀automation?฀A฀critical฀decision฀in฀building฀a฀SOA฀system฀is฀to฀decide฀ how฀much฀automation฀is฀“required”฀or฀“enough.”฀For฀example,฀ consider฀a฀network฀provisioning฀scenario฀needing฀a฀software฀ component฀that฀has฀to฀configure฀specific฀hardware฀(probably฀ routers)฀and฀enable฀certain฀ports฀so฀the฀traffic฀flows.฀In฀this฀ scenario,฀it’s฀possible฀to฀develop฀business฀processes฀or฀write฀ code฀(using฀a฀language฀like฀Java)฀that฀can฀establish฀the฀session฀ with฀the฀hardware,฀talk฀to฀the฀hardware,฀provision฀the฀customer/service,฀and฀configure฀the฀hardware.฀While฀doing฀this,฀one฀of฀

Consumers ฀ Every฀consumer฀in฀a฀SOA฀context฀doesn’t฀have฀to฀be฀an฀automated฀program฀or฀a฀business฀process.฀The฀consumer฀for฀a฀specific฀ service฀can฀be฀a฀human฀operator฀who฀would฀run฀a฀specific฀tool฀and฀ invoke฀the฀service฀manually.฀Some฀of฀the฀key฀decision฀points฀in฀this฀ context฀are฀as฀follows: •฀ How฀much฀consumer฀functionality฀needs฀externally฀offered฀ functionality?฀And฀how฀many฀of฀these฀external฀functions฀could฀ change฀(either฀of฀the฀service฀contract฀or฀interface฀contract)฀and฀ require฀a฀registry฀lookup?฀How฀much฀of฀the฀consumer฀functionality฀requires฀external฀(B2B)฀interfacing?฀The฀consumer฀functionality฀that฀doesn’t฀require฀a฀registry฀lookup฀doesn’t฀have฀to฀be฀very฀ flexible.฀In฀other฀words,฀it฀can฀choose฀“tight฀coupling”฀resulting฀in฀ better฀performance. •฀ How฀much฀of฀consumer฀functionality฀requires฀internal฀functionality,฀but฀is฀used฀in฀other฀applications฀and฀so฀has฀to฀be฀internally฀ published? •฀ How฀much฀of฀consumer฀functionality฀isn’t฀going฀to฀be฀reused฀or฀ is฀legacy฀and฀doesn’t฀require฀loose฀coupling,฀resulting฀in฀direct฀ interface฀invocation? •฀ How฀much฀consumer฀functionality฀really฀requires฀automation?฀ •฀ How฀much฀consumer฀functionality฀can฀be฀or฀has฀to฀be฀manual฀ depending฀on฀either฀pay-off฀or฀the฀difficulty฀of฀automation?

It’s important to figure out how much service orientation is ‘optimal’ because once the optimal point is crossed the return on investment drops or the return doesn’t grow proportionate to the investment the฀steps฀might฀fail฀and฀require฀a฀rollback.฀The฀rollback฀policy฀ would฀decide฀how฀the฀rollback฀should฀be฀done.฀The฀rollback฀ policy฀would฀specify฀at฀what฀points฀in฀the฀process฀the฀rollback฀ would฀be฀done฀(rollback฀gates)฀and฀what฀the฀rollback฀granularity฀is฀(for฀example,฀do฀all฀the฀steps฀have฀to฀be฀rolled฀back฀ or฀only฀a฀few฀selected฀block฀of฀steps).฀In฀this฀case,฀it’s฀possible฀ to฀develop฀the฀rollback฀components฀in฀the฀business฀process,฀ however,฀they฀tend฀to฀be฀overly฀complex฀and฀require฀a฀lot฀of฀effort฀(relative฀to฀the฀effort฀spent฀in฀developing฀the฀process฀itself ),฀ since฀the฀processes฀have฀to฀check฀the฀context฀in฀which฀the฀failure฀occurred฀and฀try฀to฀restore฀the฀original฀context.฀So,฀it฀makes฀ more฀sense฀to฀notify฀the฀operator฀when฀a฀failure฀has฀occurred฀ and฀provide฀manual฀intervention฀to฀fix฀the฀problem฀and฀leave฀ the฀rollback฀path฀completely฀manual.฀ •฀ How฀much฀provider฀functionality฀can฀be฀or฀has฀to฀be฀manual฀ depending฀on฀either฀the฀pay-off฀or฀difficulty฀of฀automation?฀The฀ essential฀lesson฀is฀that฀automation฀isn’t฀a฀panacea฀for฀every฀problem.฀While฀automation฀can฀provide฀added฀support฀to฀increase฀ productivity฀when฀used฀with฀due฀diligence,฀it฀can฀be฀overkill฀in฀ scenarios฀that฀require฀logic฀and฀reasoning฀and฀span฀multiple฀ subsystems.฀For฀example,฀it฀might฀be฀very฀hard,฀if฀not฀impossible,฀to฀develop฀a฀rollback฀process฀when฀multiple฀subsystems฀are฀ involved,฀since฀the฀process฀has฀to฀check฀and฀roll฀back฀the฀states฀of฀ each฀of฀the฀products฀involved.฀This฀assumes฀that฀each฀and฀every฀ subsystem฀do฀the฀same.

12฀฀June฀2006

Services ฀ Services฀are฀any฀functionality฀provided฀by฀a฀provider฀to฀a฀consumer฀following฀classical฀definitions.฀It’s฀usual฀practice฀to฀realize฀ these฀services฀using฀either฀software฀assets฀(or฀code)฀or฀business฀ processes.฀It’s฀also฀possible฀for฀these฀services฀to฀be฀leaf-level฀ (atomic฀services)฀or฀composite฀(or฀aggregate฀or฀group฀of฀leaf-level฀ services).฀ ฀ Some฀of฀the฀important฀points฀in฀this฀regard฀are฀as฀follows: •฀ How฀many฀services฀have฀to฀be฀automated?฀ •฀ How฀many฀services฀are฀necessarily฀manual฀(due฀either฀to฀the฀difficulty฀of฀automation฀or฀the฀complexity฀involved฀in฀automating฀ them฀or฀due฀to฀leaving฀them฀manual฀since฀they฀aren’t฀“in฀focus”฀ or฀key฀services)? •฀ How฀many฀services฀are฀expected฀to฀be฀called฀from฀outside฀(B2B฀ services)฀and฀have฀to฀be฀registered฀on฀external฀registries฀like฀ UDDI? •฀ How฀many฀services฀are฀expected฀to฀be฀called฀from฀the฀intranet฀ and฀have฀to฀be฀registered฀in฀the฀internal฀or฀corporate฀registry? •฀ How฀many฀services฀don’t฀have฀to฀be฀reusable฀or฀are฀legacy,฀and฀ are฀meant฀only฀for฀internal฀consumption.฀These฀services฀can฀ be฀made฀directly฀invocable฀without฀a฀complete฀registry฀lookup฀ optimizing฀performance. •฀ How฀many฀services฀have฀to฀be฀developed฀using฀code฀and฀how฀ many฀using฀business฀processes? •฀ What฀are฀the฀service฀discovery฀mechanisms?฀Is฀it฀necessary฀to฀

www.WSJ2.com

SERVICE-ORIENTED฀ ARCHITECTURE

support฀only฀registry฀lookup฀or฀is฀it฀also฀necessary฀to฀support฀advertising฀and฀use฀the฀protocol฀for฀service฀discovery?฀Use฀advertising฀and฀acceptance฀only฀with฀external฀services. •฀ Use฀consequential฀services฀or฀time-bound฀services฀where฀possible.฀ This฀reduces฀the฀load฀on฀the฀registry฀and฀improves฀performance.

Business Precesses and Best Practices Applications

Registry/Repository •฀ Is฀it฀necessary฀to฀support฀an฀internal฀registry?฀ •฀ Is฀it฀necessary฀to฀include฀interfaces฀in฀the฀external฀registry? •฀ What฀is฀the฀structure฀of฀the฀metadata?฀By฀identifying฀the฀basic฀information฀structure฀operated฀together,฀it’s฀possible฀to฀arrive฀at฀a฀suitable฀ granularity฀for฀the฀metadata.฀For฀example,฀if฀it’s฀necessary฀to฀operate฀ on฀the฀customer฀as฀an฀entity฀with฀all฀the฀associated฀attributes,฀it’s฀possible฀to฀increase฀performance,฀but฀it฀would฀impact฀granularity.฀ •฀ A฀registry฀typically฀stores฀all฀the฀information฀relevant฀to฀the฀SOA฀ implementation฀–฀from฀basic฀interface฀contract฀definitions฀to฀ more฀sophisticated฀meta-service฀templates.฀The฀following฀provide฀some฀decision฀points฀in฀this฀process: >฀The฀first฀step฀is฀identifying฀the฀data฀that฀has฀to฀be฀stored฀in฀the฀ repository. >฀฀Which฀interface฀contracts฀have฀to฀be฀global฀and฀so฀go฀into฀the฀ global฀repository฀and฀which฀interface฀contracts฀have฀to฀be฀local฀ and฀go฀into฀the฀local฀store? >฀฀Does฀the฀interface฀contract฀comply฀with฀any฀standards? >฀฀Does฀the฀interface฀contract฀support฀advertising฀and฀accepting?฀ For฀example,฀if฀a฀specific฀provider฀provides฀an฀“advertising”฀ mechanism฀for฀service฀discovery,฀does฀the฀interface฀contract฀ support฀the฀scheme?฀Are฀the฀advertising฀and฀accepting฀mechanisms฀validated฀for฀“clear฀requirements”฀or฀is฀it฀possible฀to฀use฀ direct฀invocation฀for฀such฀services฀as฀well?฀

Broker •฀ Do฀we฀need฀a฀broker?฀How฀much฀metadata฀has฀to฀be฀stored฀and฀ accessed฀from฀the฀broker?฀If฀there฀are฀only฀a฀few฀services,฀it฀may฀ be฀a฀good฀idea฀to฀use฀a฀homegrown฀broker฀or฀a฀simple฀registerlookup฀broker.฀However,฀if฀there฀are฀lots฀of฀services,฀it฀may฀be฀ necessary฀to฀use฀a฀standard฀broker.฀The฀sophistication฀of฀the฀ broker฀depends฀on฀the฀number฀of฀services,฀among฀other฀things.

Integration฀Media •฀ What฀is฀the฀integration฀media?฀Do฀we฀really฀need฀a฀sophisticated฀ ESB?฀Can฀we฀make฀do฀with฀simple฀Open฀Source฀middleware฀or฀ can฀we฀use฀simple฀homegrown฀middleware?฀These฀are฀some฀of฀ the฀questions฀that฀help฀in฀identifying฀the฀level฀of฀sophistication฀ required฀in฀the฀integration฀media.฀ •฀ What฀is฀the฀level฀of฀security฀to฀be฀supported? ฀ Even฀if฀we฀use฀http฀over฀LAN,฀we฀can฀still฀comply฀with฀SOA฀ principles,฀it’s฀just฀a฀matter฀of฀business฀requirement.฀SOA฀doesn’t฀ mandate฀any฀specific฀integration฀media.

Maturity฀of฀an฀Organization฀versus฀SOA ฀ The฀maturity฀of฀an฀organization฀is฀usually฀measured฀in฀its฀performance฀against฀a฀specific฀set฀of฀goals.฀These฀goals฀are฀business฀ drivers฀that฀help฀in฀defining฀the฀scope฀of฀the฀organizational฀focus,฀ which฀is฀always฀on฀meeting฀business฀goals฀and฀includes,฀among฀the฀ other฀things,฀increasing฀profits฀and฀reducing฀risks. ฀ So,฀to฀comply฀with฀the฀maturity฀models฀existing฀in฀the฀industry,฀it’s฀ necessary฀for฀an฀organization฀to฀meet฀some฀or฀all฀of฀the฀SOA฀principles฀in฀such฀a฀way฀as฀to฀maximize฀its฀applicability฀to฀the฀business.

14฀฀June฀2006

Infrasturcture Figure฀2:฀SOA฀solution฀view

฀ As฀we฀can฀see฀in฀Figure฀2,฀the฀SOA฀solution฀consists฀of฀multiple฀ components฀–฀an฀infrastructure฀layer,฀a฀set฀of฀applications,฀a฀set฀of฀ business฀processes,฀and฀best฀practices.฀Though฀expertise฀in฀SOA฀ architecture฀is฀the฀foundation฀of฀the฀overall฀solution,฀the฀other฀ components,฀namely฀the฀business฀process฀expertise฀and฀applications฀expertise,฀are฀absolutely฀required฀to฀arrive฀at฀an฀end-to-end฀ solution฀to฀the฀problem฀at฀hand.฀ ฀ As฀we฀can฀see,฀the฀maturity฀of฀an฀organization฀is฀reflected฀in฀the฀ effectiveness฀with฀which฀it฀meets฀its฀goals,฀and฀so฀increases฀its฀profits฀ and฀reduces฀its฀risks.฀Maturity฀can’t฀be฀inferred฀by฀activity฀per฀se,฀but฀it฀ can฀be฀inferred฀in฀the฀way฀an฀activity฀is฀done.฀However,฀it’s฀necessary฀ to฀keep฀in฀mind฀that฀the฀set฀of฀activities฀needed฀to฀meet฀business฀goals฀ are฀always฀specific฀to฀the฀organization฀and฀specific฀to฀every฀enterprise.฀ Once฀an฀organization฀has฀stated฀its฀goals,฀plans,฀and฀activities,฀maturity฀is฀the฀measure฀of฀how฀well฀these฀activities฀are฀done. ฀ In฀this฀context,฀we฀have฀to฀keep฀in฀mind฀that฀every฀business฀has฀to฀ align฀its฀business฀goals฀with฀its฀IT฀capabilities.฀Even฀a฀small฀teashop฀ has฀to฀do฀business-IT฀alignment,฀and฀even฀a฀huge฀organization฀does฀ the฀same฀business-IT฀alignment.฀However,฀a฀small฀organization฀ can฀use฀manual฀processes฀(that฀may฀or฀may฀not฀be฀documented/ standardized)฀and฀a฀huge฀corporation฀can฀use฀a฀lot฀of฀automated฀ processes.฀To฀decide฀which฀company฀is฀more฀mature,฀it’s฀necessary฀to฀ weigh฀the฀execution฀of฀the฀business฀activities฀to฀meet฀the฀goals฀in฀the฀ context฀of฀the฀size฀of฀the฀business.฀A฀good฀maturity฀study฀may฀conclude฀that฀a฀small฀company฀with฀a฀few฀employees฀is฀better฀aligned฀to฀ SOA฀than฀a฀huge฀corporation฀with฀lots฀of฀employees. ฀ One฀must฀also฀keep฀in฀mind฀that฀every฀huge฀corporation฀is฀the฀ result฀of฀a฀sustained฀existence฀in฀business,฀improving฀on฀itself฀year฀ after฀year.฀A฀big฀modern฀corporation฀was฀once฀a฀small฀company.฀ Hence฀the฀rules฀for฀SOA฀maturity฀should฀be฀interpreted฀in฀the฀light฀ of฀the฀size฀of฀the฀organization,฀the฀documented฀business฀goals฀or฀ practices,฀and฀expected฀future฀plans.

Summary ฀ In฀today’s฀context,฀it’s฀good฀to฀understand฀clearly฀what฀SOA฀can฀do฀ and฀what฀it฀is.฀And฀it’s฀more฀important฀to฀understand฀how฀much฀SOA฀ is฀enough฀for฀a฀given฀organization.฀In฀other฀words,฀the฀optimum฀application฀of฀SOA฀can฀result฀in฀enormous฀savings฀and฀return฀for฀an฀organization.฀Beyond฀the฀optimum฀point,฀any฀SOA฀application฀would฀ only฀bring฀limited฀results.฀We฀attempted฀to฀throw฀some฀light฀on฀some฀ of฀the฀important฀factors฀to฀be฀considered฀in฀making฀this฀decision.฀฀ About฀the฀Author Raghu฀Anantharangachar฀is฀a฀senior฀solution฀architect฀with฀the฀Hewlett฀Packard฀Global฀ Delivery฀India฀Centre,฀Bangalore.฀He฀is฀associated฀with฀the฀SOA฀Center฀of฀Excellence,฀and฀as฀ well฀the฀Technology฀Innovation฀Leadership฀Group฀at฀HP.฀Raghu฀has฀a฀bachelor’s฀degree฀in฀ computer฀science฀and฀engineering฀from฀Bangalore฀University฀and฀a฀master’s฀degree฀in฀industrial฀management฀from฀the฀Indian฀Institute฀of฀Science,฀Bangalore.

www.WSJ2.com

INTEGRATION

SOA฀ Data฀Strategy Vital฀to฀a฀successful฀SOA฀transformation฀ WRITTEN฀BY฀TIEU฀LUU,฀RIAD฀ASSIR,฀AND฀SANDEEP฀MARIPURI

The฀adoption฀of฀Service฀Oriented฀Architecture฀(SOA)฀promises฀to฀further฀decouple฀monolithic฀applications฀by฀decomposing฀business฀functions฀and฀processes฀into฀discrete฀services.฀ While฀this฀makes฀enterprise฀computing฀assets฀more฀accessible฀ and฀reusable,฀SOA฀implementation฀patterns฀are฀primarily฀an฀ iteration฀over฀previous฀application฀development฀models.฀Like฀ most฀application฀development฀evolutions,฀SOA฀approaches฀ inject฀more฀layers฀and฀fl฀exibility฀into฀the฀application฀tier,฀but฀ have฀often฀neglected฀the฀most฀fundamental฀building฀block฀of฀ all฀applications:฀the฀underlying฀data.฀

Current฀Data฀Environment฀of฀Most฀IT฀Organizations฀

�

he฀condition฀of฀a฀typical฀organization’s฀data฀environment฀is฀ usually฀not฀where฀it฀needs฀to฀be฀before฀the฀organization฀can฀ begin฀a฀SOA฀transformation฀–฀from฀an฀enterprise฀perspective,฀ there’s฀often฀a฀lack฀of฀authoritative฀sources฀and฀a฀wide฀array฀of฀technologies฀used฀for฀storing฀and฀processing฀data.฀Generally,฀there’s฀no฀ single฀system฀that฀offers฀a฀complete฀view฀of฀the฀organization’s฀core฀ business฀objects,฀since฀most฀large฀IT฀organizations฀have฀their฀core฀ enterprise฀data฀spread฀out฀and฀replicated฀across฀multiple฀stovepiped฀systems.฀Each฀system฀in฀an฀enterprise฀often฀maintains฀data฀

16฀฀June฀2006

within฀its฀specifi฀c฀context฀rather฀than฀the฀context฀of฀the฀enterprise.฀ Data฀quality฀and฀interoperability฀issues฀abound,฀especially฀when฀ data-consuming฀systems฀access฀a฀variety฀of฀data-producing฀systems,฀each฀of฀which฀maintains฀an฀isolated฀view฀of฀enterprise฀data.฀ These฀differences฀lead฀to฀inconsistencies฀and฀inaccurate฀views฀of฀ the฀business฀processes.฀Figure฀1฀illustrates฀these฀data฀access฀and฀ management฀challenges฀impacting฀SOA฀transition฀initiatives. ฀ An฀SOA฀transformation฀amplifi฀es฀and฀exacerbates฀an฀organization’s฀existing฀data฀problems.฀Because฀of฀the฀integrated฀nature฀of฀ SOA-based฀applications,฀an฀organization฀will฀be฀building฀on฀top฀ of฀a฀very฀weak฀foundation฀unless฀it฀fi฀rst฀addresses฀the฀issues฀with฀ its฀current฀data฀environment.฀This฀is,฀in฀many฀ways,฀analogous฀to฀ constructing฀a฀high-rise฀building฀on฀top฀of฀a฀landfi฀ll. ฀ Consider฀the฀lack฀of฀authoritative฀enterprise฀sources฀as฀an฀illustrative฀example.฀Suppose฀that฀in฀an฀organization’s฀supply฀chain฀systems’฀ portfolio฀there฀are฀fi฀ve฀systems฀that฀hold฀supplier฀information฀internally.฀Each฀of฀these฀can฀be฀considered฀a฀legitimate฀source฀of฀supplier฀ data฀within฀the฀owning฀department.฀When฀building฀a฀service฀to฀share฀ supplier฀data,฀where฀should฀the฀source฀of฀supplier฀data฀be?฀ •฀ One฀of฀the฀fi฀ve฀current฀systems฀that฀have฀their฀own฀copy฀of฀the฀ supplier฀data?฀If฀so,฀which฀one?฀ •฀ A฀new฀database฀that’s฀created฀for฀this฀specifi฀c฀purpose?฀How฀does฀ this฀data฀source฀relate฀to฀the฀existing฀sources? •฀ Does฀data฀have฀to฀come฀concurrently฀from฀all฀of฀the฀fi฀ve฀databases?฀ ฀ Each฀of฀these฀solutions฀has฀their฀pros฀and฀cons;฀there’s฀no฀right฀ or฀wrong฀approach.฀The฀point฀is฀that฀these฀data฀issues฀must฀be฀ resolved฀before฀an฀implementation฀team฀can฀proceed.฀By฀the฀time฀ the฀implementation฀team฀takes฀over฀and฀begins฀building฀the฀requisite฀services฀and฀infrastructure฀these฀kinds฀of฀questions฀should฀be฀

www.WSJ2.com

answered฀already฀by฀the฀organization฀at฀the฀business฀level.฀Unless฀ they฀are฀these฀data฀issues฀will฀often฀perpetuate฀and฀hamper฀the฀ benefits฀of฀creating฀services฀that฀share฀data.฀In฀other฀words,฀a฀service฀may฀end฀up฀sharing฀an฀incomplete฀set฀of฀data฀or,฀worse,฀exhibit฀ incorrect฀behavior฀because฀it’s฀not฀working฀with฀the฀“right”฀data.฀

Target฀Vision฀of฀Data฀Environment฀in฀a฀SOA฀ ฀ The฀way฀an฀organization฀thinks฀about฀applications฀and฀data฀ must฀evolve฀–฀it฀must฀stop฀thinking฀about฀data฀as฀a฀second-class฀ citizen฀that฀only฀supports฀specific฀applications฀and฀begin฀to฀recognize฀data฀as฀a฀standalone฀asset฀that฀has฀both฀value฀and฀utility.฀ Organizations฀should฀establish฀their฀data฀environments฀with฀“hubs฀ of฀specific฀data฀families”฀that฀expose฀data฀services฀that฀comply฀with฀ industry฀standards฀and฀service฀contracts.฀The฀goal฀is฀to฀create฀a฀set฀ of฀services฀that฀becomes฀the฀authoritative฀way฀to฀access฀enterprise฀ data.฀In฀this฀target฀service-oriented฀environment,฀applications฀and฀ data฀work฀together฀as฀peers.฀Thus,฀both฀an฀organization’s฀business฀ functionality฀and฀data฀can฀be฀leveraged฀as฀enterprise฀assets฀that฀are฀ reusable฀across฀multiple฀departments฀and฀lines฀of฀business.฀This฀ target฀vision,฀illustrated฀in฀Figure฀2,฀enables฀the฀following฀desired฀ characteristics฀of฀the฀enterprise’s฀data฀environment: •฀ Single฀logical฀sources฀from฀which฀to฀get฀a฀complete฀view฀of฀the฀ enterprise฀data฀objects •฀ Increased฀awareness฀of฀the฀profile฀and฀characteristics฀of฀the฀data฀ in฀the฀enterprise •฀ Improved฀data฀quality฀across฀the฀enterprise฀ •฀ Enforced฀data฀standards฀by฀using฀a฀data฀services฀layer฀ •฀ Data฀that’s฀clearly฀visible฀and฀readily฀accessible฀ •฀ Reduced฀reliance฀on฀custom฀interfaces฀and฀proprietary฀formats฀ •฀ Clearly฀identified฀authoritative฀data฀sources฀that฀are฀effectively฀ used฀throughout฀the฀enterprise฀ •฀ Security฀that’s฀“baked฀into”฀the฀solution,฀and฀not฀an฀afterthought฀ •฀ Data฀that’s฀easily฀discoverable฀by฀potential฀consumers฀across฀the฀ organization

they฀see฀fit฀and฀these฀changes฀can฀ripple฀across฀other฀divisions฀and฀ ultimately฀impact฀the฀interoperability฀of฀the฀enterprise฀as฀a฀whole. ฀ Without฀a฀definition฀of฀enterprise฀ownership฀and฀stewardship฀ of฀the฀data฀controlling฀such฀changes฀are฀difficult.฀So฀an฀SOA฀data฀ strategy฀should฀include฀establishing฀an฀enterprise฀data฀management฀function฀as฀the฀data฀governance฀mechanism.฀A฀centralized฀ management฀function฀is฀needed฀to฀treat฀data฀as฀an฀enterprise฀ asset฀instead฀of฀as฀the฀assets฀of฀individual฀departments.฀The฀group฀ responsible฀for฀this฀function฀addresses฀data฀issues฀and฀establishes฀ policies฀and฀processes฀that฀cut฀across฀multiple฀departments.฀The฀ responsibilities฀of฀such฀a฀group฀should฀include: •฀ Defining฀the฀roles฀and฀responsibilities฀of฀data฀producers฀and฀data฀ consumers฀across฀the฀enterprise฀ •฀ Deciding฀the฀issue฀of฀data฀stewardship฀—฀“who’s฀in฀charge฀of฀ managing฀this฀particular฀data฀family?”฀ •฀ Vetting฀and฀institutionalizing฀logical฀and฀physical฀models฀ •฀ Establishing฀policies฀and฀compliance฀guidelines฀for฀adhering฀to฀ data฀standards฀chosen฀by฀the฀enterprise •฀ Mandating฀the฀use฀of฀specific฀schemas฀as฀the฀format฀for฀exchanging฀core฀enterprise฀data฀ •฀ Establishing฀processes฀for฀exceptions,฀changes฀to฀standards,฀version฀control฀of฀models,฀and฀changing฀control฀procedures฀ •฀ Mandating฀the฀use฀of฀specific฀services฀as฀authoritative฀sources฀for฀ the฀data฀objects/families฀that฀they฀serve.฀

TYPICAL฀DATA฀ENVIRONMENT฀IN฀A฀LARGE฀ORGANIZATION

SOA฀Data฀Strategy ฀ A฀comprehensive฀strategy฀that฀defines฀how฀the฀enterprise’s฀data฀ should฀be฀managed฀in฀an฀SOA฀environment฀is฀needed฀to฀achieve฀ the฀target฀vision.฀This฀strategy฀addresses฀issues฀such฀as฀data฀governance,฀data฀modeling฀from฀an฀enterprise฀SOA฀perspective,฀data฀ quality,฀security,฀and฀technology฀solutions฀such฀as฀data฀services.

Data฀Governance฀ ฀ Governance฀is฀often฀cited฀as฀an฀important฀ part฀of฀SOA.฀However,฀this฀generally฀refers฀to฀ the฀governance฀of฀services฀and฀not฀the฀data฀ shared฀through฀services.฀Just฀as฀proper฀governance฀of฀services฀is฀critical฀to฀an฀SOA,฀proper฀ governance฀of฀the฀data฀is฀equally,฀if฀not฀more฀ important.฀Many฀of฀the฀problems฀associated฀ with฀an฀organization’s฀data฀environment฀can’t฀ be฀solved฀through฀technology฀solutions฀alone.฀ Decisions฀and฀policies฀must฀be฀issued฀at฀the฀ organizational฀level฀that฀can฀then฀be฀implemented฀through฀the฀technology.฀For฀example,฀ the฀absence฀of฀an฀enterprise฀data฀ownership฀ concept฀is฀a฀classic฀data฀governance฀issue.฀ Different฀divisions฀in฀an฀organization฀control฀ the฀data฀within฀their฀own฀system฀boundaries.฀They฀can฀make฀changes฀to฀that฀data฀as฀

www.WSJ2.com

Figure฀1:฀Weak฀data฀foundation฀for฀a฀SOA฀

Figure฀2:฀Target฀vision฀for฀a฀SOA฀data฀environment

June฀2006฀฀17฀฀

INTEGRATION

Enterprise฀Data฀Models฀ ฀ To฀realize฀the฀target฀data฀environment,฀some฀agreement฀is฀needed฀ about฀which฀core฀data฀elements฀and฀structural฀business฀rules฀are฀ represented฀by฀those฀services฀accessing฀them.฀While฀it’s฀possible฀to฀ implement฀services฀on฀top฀of฀the฀current฀data฀sources฀by฀leveraging฀the฀existing฀data฀models฀in฀those฀systems,฀this฀is฀not฀optimal.฀ Such฀an฀approach฀will฀continue฀to฀proliferate฀non-authoritative฀data฀ sources,฀each฀with฀its฀own฀model฀designed฀to฀support฀specific฀needs฀ without฀enterprise-level฀consistency.฀When฀creating฀the฀enterprise฀ data฀models,฀an฀organization฀must฀shift฀away฀from฀modeling฀the฀ data฀from฀a฀systems-only฀perspective.฀In฀other฀words,฀the฀organization฀must฀look฀at฀the฀data฀families฀themselves฀and฀focus฀less฀on฀the฀ details฀of฀the฀specific฀applications฀that฀are฀using฀them. ฀ How฀does฀an฀organization฀make฀this฀shift?฀First,฀it฀must฀decide฀ on฀its฀“core”฀data฀families,฀which฀are฀sometimes฀also฀referred฀to฀as฀ “master”฀data.฀Core฀data฀is฀relatively฀easy฀to฀deduce,฀given฀a฀general฀ understanding฀of฀the฀key฀business฀processes.฀For฀example,฀the฀ “supplier”฀data฀family฀in฀a฀supply฀chain฀business฀could฀be฀considered฀core฀data.฀While฀it฀may฀be฀tempting฀to฀model฀every฀core฀data฀ family฀in฀full฀detail,฀it฀may฀be฀wiser฀to฀identify฀“a฀good฀first฀set”฀and฀ begin฀with฀that.฀A฀good฀approach฀is฀to฀simply฀tackle฀the฀obvious฀ core฀data฀families฀first,฀learn฀from฀the฀experience,฀and฀then฀apply฀ those฀lessons฀learned฀to฀model฀the฀rest฀of฀the฀data. ฀ Next,฀the฀enterprise฀model฀must฀decide฀which฀data฀elements฀are฀ strategic฀for฀operational,฀reporting,฀and฀accountability฀purposes,฀ and฀which฀are฀relevant฀only฀to฀one฀or฀several฀subsets฀of฀the฀business.฀Common฀strategic฀data฀should฀be฀thought฀of฀as฀the฀subset฀of฀ fields฀that฀any฀application฀that฀uses฀this฀data฀family฀can฀fully฀support.฀All฀the฀other฀data฀attributes฀should฀be฀considered฀“optional,”฀ even฀if฀they’re฀critical฀to฀certain฀applications.฀In฀the฀supply฀chain฀ example,฀“supplier฀performance”฀isn’t฀part฀of฀the฀core฀data฀but฀it฀ may฀be฀critical฀to฀one฀or฀two฀systems฀in฀the฀organization.฀Since฀ the฀enterprise฀data฀model฀is฀applicable฀to฀the฀entire฀organization,฀ the฀standard฀would฀always฀expect฀the฀core฀data฀to฀be฀provided.฀It฀ should฀also฀give฀each฀system฀the฀flexibility฀to฀be฀extended฀with฀additional฀data฀that’s฀relevant฀to฀its฀own฀purpose.฀

Technical฀Considerations฀ ฀ SOA฀implementations฀usually฀exhibit฀decentralized฀federated฀topologies.฀So฀the฀ability฀to฀merge฀data฀properly฀and฀enable฀authorized฀ enterprise-wide฀access฀are฀necessary฀to฀ensure฀that฀information฀can฀ be฀leveraged฀to฀support฀enterprise฀objectives.฀Enabling฀these฀capabilities฀presents฀numerous฀challenges฀in฀the฀areas฀of฀data฀quality,฀security,฀ and฀the฀data฀services฀architecture.฀The฀next฀sections฀describe฀some฀of฀ these฀challenges฀and฀provide฀recommendations฀for฀addressing฀them.

Data฀Quality฀ ฀ SOA฀initiatives฀often฀focus฀on฀the฀implications฀of฀connecting฀ disparate฀systems.฀A฀fundamental฀concern฀of฀implementing฀such฀ connections฀is฀how฀to฀ensure฀that฀the฀data฀exchanged฀is฀accurate,฀ meaningful,฀and฀understandable฀by฀all฀participating฀parties.฀Users,฀ consuming฀services,฀and฀data฀sources฀all฀operate฀as฀peers฀in฀an฀SOA.฀ These฀peers฀will฀often฀use฀data฀in฀new฀and฀unanticipated฀ways.฀So฀it฀ becomes฀increasingly฀difficult฀to฀serve฀meaningful฀information฀without฀normalizing฀existing฀data฀assets.฀This฀includes฀not฀just฀schematic฀ normalization,฀but฀instance-level฀de-confliction฀as฀well. ฀ To฀this฀end,฀data฀quality฀studies฀are฀paramount฀in฀ensuring฀the฀ success฀of฀a฀SOA฀implementation.฀Typically฀this฀includes฀understanding฀what฀data฀is฀available,฀where฀this฀data฀is฀located,฀and฀what฀ state฀it’s฀in:

18฀฀June฀2006

•฀ What฀types฀of฀data฀are฀used฀in฀the฀enterprise฀and฀for฀what฀purpose? •฀ What฀underlying฀quality฀issues฀can฀be฀identified฀based฀on฀design฀ metadata฀and฀current฀business฀rules? •฀ What฀kinds฀of฀data฀are฀core฀to฀the฀business฀and฀what฀are฀ancillary฀ or฀only฀necessary฀for฀augmented฀records? •฀ For฀core฀data,฀how฀many฀non-SOA฀systems฀currently฀store฀this฀ data฀and฀in฀what฀format? •฀ For฀core฀data,฀what฀are฀the฀instance-level฀values฀for฀data฀records฀ and฀to฀what฀extent฀are฀they฀different฀across฀systems? •฀ What฀are฀the฀intended฀semantics,฀or฀business฀meaning,฀encoded฀ in฀the฀data฀structures฀and฀values? •฀ Is฀any฀of฀this฀data฀stale฀or฀outdated?฀Is฀any฀of฀it฀incorrect?฀Has฀any฀ of฀it฀been฀improperly฀imported?

Resolving฀Data฀Conflicts ฀ Besides฀these฀scoping฀and฀profiling฀exercises฀to฀manage฀data฀ quality,฀it’s฀also฀imperative฀to฀resolve฀value-level฀conflicts฀that฀exist฀ in฀the฀data.฀These฀conflicts฀can฀be฀categorized฀into฀three฀major฀ types฀(C.H.฀Goh,฀“Representing฀and฀Reasoning฀about฀Semantic฀ Conflicts฀in฀Heterogeneous฀Information฀Systems,”฀Sloan฀School฀of฀ Management,฀Massachusetts฀Institute฀of฀Technology,฀16-22,฀January฀1997.): •฀ Structural฀and฀Formatting฀Conflicts:฀Conflicts฀in฀the฀formats฀of฀ the฀data฀values฀and฀schemas฀used฀for฀structuring฀and฀organizing฀ the฀data.฀Some฀examples฀of฀structural฀and฀formatting฀conflicts฀ include฀type฀conflicts฀in฀which฀different฀data฀types฀are฀used฀to฀ represent฀the฀same฀element.฀For฀example,฀customer฀ID฀is฀stored฀ as฀a฀double฀in฀one฀system฀and฀as฀a฀string฀in฀another฀system.฀ Another฀example฀is฀labeling฀conflicts฀where฀similar฀concepts฀are฀ labeled฀differently฀such฀as฀“supplier”฀versus฀“vendor.” •฀ Semantic฀conflicts:฀Conflicts฀in฀how฀the฀meanings฀of฀certain฀data฀ values฀are฀interpreted.฀Examples฀of฀semantic฀conflicts฀include฀ naming฀in฀which฀the฀same฀concept฀is฀expressed฀with฀different฀ values.฀This฀is฀similar฀to฀the฀labeling฀conflict฀but฀occurs฀in฀the฀ data฀value,฀whereas฀with฀labeling,฀the฀conflict฀is฀in฀the฀label฀on฀ the฀data฀structure฀(metadata).฀The฀significance฀of฀this฀difference฀ is฀that฀with฀the฀semantic฀naming฀conflict,฀detection฀and฀resolution฀may฀be฀more฀difficult,฀and฀the฀detection฀and฀resolution฀ mechanism฀has฀to฀be฀applied฀multiple฀times฀over฀the฀entire฀set฀of฀ values. •฀ Intensional฀conflicts:฀Conflicts฀arising฀when฀consumer฀assumptions฀and฀expectations฀of฀data฀content฀differ฀from฀those฀of฀data฀ producers.฀These฀conflicts฀are฀prevalent฀when฀structural฀representations฀are฀identical฀but฀the฀data฀domains฀that฀are฀encapsulated฀in฀these฀structures฀vary฀with฀the฀data฀producers.฀Intensional฀ conflicts฀often฀arise฀when฀varying฀producers฀have฀fundamentally฀ different฀conceptions฀of฀integrity฀constraints฀between฀related฀ entities:฀cardinality,฀nillability,฀or฀uniqueness. ฀ These฀data฀conflicts฀can฀often฀be฀addressed฀by฀using฀commercial฀ data฀management฀tools฀and฀methodologies,฀as฀well฀as฀enterprise฀ data฀modeling฀software.฀Another฀emerging฀possibility฀is฀semantics-centric฀modeling฀environments.฀Instead฀of฀hard-coding฀data฀ cleansing฀routines,฀these฀tools฀use฀a฀semantic฀description฀of฀the฀ enterprise฀–฀the฀business฀concepts฀and฀relationships฀between฀those฀ concepts,฀as฀well฀as฀any฀business฀rules฀governing฀the฀relationships฀ –฀and฀provide฀a฀mechanism฀to฀describe฀how฀legacy฀systems฀support฀ the฀semantics฀of฀the฀enterprise.฀This฀useful฀abstraction฀lets฀the฀ enterprise฀deterministically฀identify฀how฀each฀enterprise฀data฀as-

www.WSJ2.com

"Everyone wants faster, better, cheaper. We thought they might appreciate smarter, too." Entering the integration market we had three advantages: we knew the costs and hassles of traditional integration solutions were limiting their adoption, we saw that a standards-based service oriented architecture would solve these problems, and we had the world’s most ® scalable enterprise messaging server, SonicMQ , as a core

technology. We combined SonicMQ’s performance and security with Web services, XML transformation, intelligent routing and a new distributed deployment and management infrastructure to develop the world’s first Enterprise Services Bus, Sonic ESB™. With it businesses can easily integrate existing and future applications

to

create

unprecedented

business

agility,

and they can start today knowing they can scale to meet tomorrow’s needs. We call it incremental integration. It’s smarter. It’s also faster, better and cheaper.

Gordon Van Huizen, Sonic Software

INTEGRATION

Like a high-rise on a landfill, an organization will be building on top of a very weak foundation unless it first addresses the issues with its data set฀supports฀the฀enterprise฀business฀functions,฀as฀well฀as฀any฀gaps฀ between฀the฀enterprise฀semantic฀model฀and฀the฀underlying฀data฀ representation฀schemes.฀This฀modeling฀approach฀can฀then฀be฀used฀ to฀determine฀where฀physical฀data฀conflicts฀or฀duplications฀may฀ exist,฀as฀well฀as฀forward฀engineer฀data฀consolidation฀and฀cleansing฀ scripts.

well฀as฀the฀specific฀operation฀requested.฀The฀data฀service฀then฀ delegates฀the฀decision฀to฀each฀data฀source฀so฀they฀can฀authorize฀access฀to฀their฀specific฀data฀object(s).฀Thus,฀coarse-grained฀ decisions฀are฀made฀at฀the฀enterprise฀level฀while฀finer-grained฀ decisions฀use฀data฀source-specific฀profiles฀and฀policies฀that฀aren’t฀ exposed฀to฀the฀enterprise.

Data฀Access฀Controls

Data฀Services฀Architecture฀

฀ In฀traditional฀application฀architectures,฀data฀access฀security฀is฀ typically฀governed฀by฀application-specific฀mechanisms.฀In฀this฀ environment,฀each฀source฀has฀its฀own฀set฀of฀users,฀roles,฀and฀access฀ control฀policies.฀Which฀means฀that฀user฀profiles,฀roles,฀and฀access฀ control฀policies฀lack฀consistency฀across฀the฀enterprise.฀An฀SOA฀ environment฀magnifies฀this฀problem฀by฀making฀data฀sources฀visible฀ across฀the฀organization.฀So฀it฀becomes฀increasingly฀important฀to฀ move฀away฀from฀individual฀application-specific฀and฀data฀sourcespecific฀mechanisms฀in฀favor฀of฀enterprise-level฀SOA฀identity฀ management฀and฀access฀control฀mechanisms. ฀ This฀means฀that฀when฀creating฀the฀central฀data฀services฀layer,฀ the฀data฀sources฀must฀rely฀on฀central฀provisioning฀of฀some฀security฀functions฀so฀they฀can฀be฀managed฀centrally.฀The฀challenge฀is฀ in฀finding฀the฀right฀balance฀between฀the฀security฀functions฀that฀ should฀be฀managed฀centrally฀and฀what฀should฀be฀managed฀as฀part฀ of฀the฀data฀sources.฀There฀are฀several฀options฀in฀implementing฀such฀ a฀scheme,฀including฀a฀centrally฀managed฀data฀security฀layer,฀or฀using฀layered฀authorization฀through฀multiple฀policy฀decision฀points฀ (PDP). ฀ With฀the฀central฀management฀option,฀the฀data฀sources฀relinquish฀ security฀and฀rely฀solely฀on฀the฀data฀services฀to฀protect฀the฀access฀to฀ their฀data.฀Within฀each฀data฀source,฀a฀single฀user฀profile฀is฀created฀ for฀the฀data฀service฀that฀has฀full฀access฀to฀the฀data.฀Any฀request฀to฀ the฀data฀through฀this฀service฀is฀authorized฀through฀this฀user฀profile.฀ So฀there’s฀no฀longer฀a฀concern฀about฀whether฀the฀principal’s฀identity฀from฀the฀overarching฀security฀domain฀exists฀or฀means฀anything฀ in฀the฀data฀source.฀However,฀this฀option฀pushes฀security฀checks฀into฀ the฀data฀service฀layer฀and฀reduces฀the฀granularity฀of฀accountability.฀ As฀a฀consequence,฀any฀access฀control฀policies฀from฀the฀data฀source฀ along฀with฀the฀associated฀roles฀and฀privileges฀should฀now฀be฀re-created฀and฀maintained฀at฀the฀central฀enterprise฀points. ฀ In฀contrast,฀layering฀the฀use฀of฀multiple฀policy฀decision฀points฀ encourages฀the฀reuse฀of฀existing฀authorization฀capabilities,฀ user฀profiles,฀and฀access฀control฀policies฀of฀the฀underlying฀data฀ sources.฀This฀approach฀allows฀some฀of฀the฀more฀fine-grained฀access฀control฀decisions฀to฀be฀made฀at฀the฀data฀sources฀rather฀than฀ elevating฀them฀into฀the฀enterprise฀layer.฀Although฀many฀variations฀ exist฀for฀this฀design,฀the฀premise฀is฀that฀different฀layers฀of฀authorization฀with฀multiple฀PDPs฀are฀making฀the฀decisions.฀The฀basic฀ flow฀of฀this฀approach฀is฀as฀follows:฀Authentication฀still฀occurs฀at฀ the฀edge฀using฀enterprise฀authentication฀services.฀Requests฀for฀ data฀originate฀at฀different฀security฀domains฀in฀the฀enterprise.฀A฀ PDP฀in฀each฀of฀these฀domains฀evaluates฀requests฀for฀resources฀in฀ that฀domain.฀When฀a฀data฀service฀is฀invoked฀it฀calls฀the฀enterprise฀ policy฀decision฀point฀to฀authorize฀access฀to฀the฀data฀service฀as฀

฀ From฀an฀architectural฀perspective,฀the฀heart฀of฀this฀solution฀is฀an฀ enterprise฀layer฀that฀logically฀centralizes฀access฀to฀the฀data฀spread฀ across฀the฀enterprise.฀This฀set฀of฀logically฀centralized฀data฀services฀ provides฀several฀architectural฀advantages.฀First,฀the฀enterprise฀can฀ assert฀greater฀control฀over฀the฀governance฀and฀implementation฀of฀ data฀access฀mechanisms.฀Second,฀clients฀use฀a฀consistent฀mechanism฀to฀access฀data.฀Third,฀the฀enterprise฀can฀design฀and฀implement฀a฀solution฀in฀a฀holistic฀fashion฀instead฀of฀the฀typical฀one-off฀ models฀that฀are฀the฀norm฀in฀data฀integration.฀Finally,฀besides฀the฀ basic฀Create,฀Read,฀Update,฀and฀Delete฀(CRUD)฀operations,฀the฀underlying฀architecture฀must฀also฀support฀data฀aggregation,฀inter-service฀transactions,฀and฀multiple฀access฀and฀usage฀patterns,฀all฀while฀ ensuring฀acceptable฀levels฀of฀quality฀of฀service.

20฀฀June฀2006

Data฀Aggregation฀Scenarios ฀ This฀data฀services฀layer฀acts฀as฀a฀façade฀over฀the฀enterprise฀assets฀ –฀it฀logically฀provides฀access฀to฀enterprise฀data฀assets฀in฀a฀singular฀ manner,฀while฀physically฀dispatching฀requests฀and฀aggregations฀ across฀relevant฀co-located฀assets.฀Three฀main฀scenarios฀should฀be฀ considered฀for฀data฀aggregation: •฀ The฀unified฀view฀of฀a฀data฀entity฀is฀defined฀by฀combining฀attributes฀from฀multiple฀sources.฀The฀actual฀data฀of฀that฀view฀is฀also฀ obtained฀by฀combining฀data฀from฀multiple฀sources.฀The฀main฀difficulty฀with฀this฀aggregation฀scenario฀is฀linking฀related฀data฀from฀ multiple฀systems฀that฀may฀not฀share฀unique฀identifiers.฀This฀often฀ requires฀the฀creation฀of฀a฀cross-reference฀table฀to฀link฀related฀ records. •฀ The฀unified฀view฀of฀an฀entity฀is฀derived฀from฀the฀model฀of฀a฀ single฀source.฀However,฀the฀actual฀data฀is฀obtained฀from฀multiple฀ sources฀with฀different฀models.฀The฀main฀difficulty฀here฀is฀an฀ understanding฀of฀de-duplication฀–฀tapping฀multiple฀systems฀to฀ get฀a฀complete฀set฀of฀instance฀data฀can฀result฀in฀multiple฀instance฀ records฀about฀the฀same฀thing.฀In฀this฀case,฀once฀duplicates฀are฀ identified,฀which฀one฀survives฀to฀become฀the฀“golden฀copy”?฀In฀ this฀model,฀identification฀and฀use฀of฀authoritative฀sources฀becomes฀important. •฀ The฀unified฀view฀of฀an฀entity฀is฀partitioned฀across฀multiple฀ instances฀of฀a฀single฀model.฀Data฀distribution฀can฀be฀the฀result฀ of฀planned฀partitioning฀or฀just฀the฀ad฀hoc฀use฀of฀the฀same฀source฀ system฀across฀multiple฀departments฀resulting฀in฀multiple฀instances.฀In฀case฀of฀planned฀partitioning,฀the฀partitioning฀schema฀ can฀be฀used฀to฀optimize฀the฀performance฀of฀the฀data฀access฀layer,฀ while฀in฀the฀case฀of฀ad฀hoc฀distribution฀duplicates฀are฀a฀problem฀ and฀should฀be฀addressed฀through฀the฀use฀of฀authoritative฀data฀ sources.

www.WSJ2.com

INTEGRATION

฀ Some฀of฀these฀aggregation฀capabilities฀can฀be฀supported฀through฀ Enterprise฀Information฀Integration฀(EII)฀technology,฀which฀provides฀ SOA-centric฀capabilities฀for฀accessing฀and฀querying฀co-located฀data฀ in฀real-time.฀EII฀products฀provide฀adapters฀to฀legacy฀data฀sources฀ and฀expose฀their฀underlying฀data฀in฀a฀service-oriented฀fashion.฀ EII฀is฀best฀used฀in฀discrete฀query-based฀mechanisms฀where฀data฀ volumes฀are฀moderate.฀EII฀isn’t฀meant฀to฀be฀a฀replacement฀for฀traditional฀ETL฀(extract,฀transform,฀load),฀EAI฀(enterprise฀application฀ integration),฀or฀MDM฀(master฀data฀management)฀technologies.฀For฀ example,฀some฀of฀the฀aggregation฀scenarios฀requiring฀de-duplication฀capabilities฀can฀require฀the฀use฀of฀MDM฀technologies. ฀ The฀data฀services฀layer฀allows฀creates฀and฀updates฀to฀be฀requested฀ once฀by฀a฀client฀and฀then฀decomposed฀by฀the฀supporting฀architecture฀into฀individual฀write฀commands฀to฀targeted฀data฀sources.฀ Therefore,฀the฀architecture฀must฀support฀transactionality฀–฀ensuring฀ that฀writes฀are฀consistent฀so฀that฀underlying฀data฀across฀all฀affected฀ data฀sources฀are฀left฀in฀a฀consistent฀state.฀This฀isn’t฀significantly฀different฀from฀current฀data฀integration฀pains.฀However,฀most฀systems฀ today฀requiring฀multi-write฀transaction฀capabilities฀leverage฀the฀XA฀ standards.฀Similar฀standards฀for฀the฀Web฀Services฀environment฀are฀ only฀starting฀to฀emerge.฀OASIS฀has฀recently฀formed฀a฀Web฀Services฀ Transaction฀Technical฀Committee฀(WS-TX฀TC)฀responsible฀for฀stewarding฀WS-AtomicTransaction,฀WS-Coordination,฀and฀WS-BusinessActivity฀specifications฀through฀the฀standardization฀process.฀None฀of฀ these฀standards฀have฀been฀ratified฀yet.฀Because฀these฀specifications฀ are฀still฀being฀developed,฀most฀SOA-related฀transaction฀support฀is฀ being฀custom-developed,฀typically฀through฀the฀use฀of฀homegrown฀ compensation฀mechanisms฀–฀effectively฀an฀“undoing”฀of฀a฀previously฀executed฀service฀invocation.฀Instead฀of฀providing฀true฀rollback฀ semantics,฀compensation฀is฀an฀additional฀service฀invocation฀that฀ rewrites฀data฀to฀its฀original฀state.฀While฀it฀may฀be฀beneficial฀to฀take฀a฀ wait-and-see฀approach฀to฀building฀transactionality,฀solutions฀aligned฀ with฀the฀three฀specifications฀seeding฀WS-TX฀deliberations฀will฀likely฀ provide฀the฀path฀of฀least฀resistance฀to฀standards฀compliance.

Quality฀of฀Service ฀ With฀all฀the฀data฀access฀operations฀going฀through฀this฀data฀services฀layer,฀a฀major฀concern฀is฀the฀potential฀bottleneck฀at฀this฀layer฀ that฀may฀limit฀scalability.฀The฀obvious฀way฀to฀resolve฀this฀problem฀ is฀to฀create฀a฀clustered฀environment฀with฀multiple฀instances฀of฀this฀ data฀services฀layer.฀ ฀ There฀are฀complexities฀with฀clustering฀dependant฀on฀whether฀the฀ enterprise฀is฀using฀a฀purely฀federated฀approach฀or฀has฀some฀level฀of฀ data฀replication.฀If฀using฀a฀purely฀federated฀approach,฀then฀it฀can฀ be฀simple฀to฀have฀a฀cluster฀with฀multiple฀instances.฀However,฀the฀ architecture฀must฀still฀address฀the฀issue฀of฀affinity฀for฀a฀particular฀ instance฀–฀especially฀in฀the฀case฀of฀inter-service฀transactions.฀The฀ architecture฀must฀address฀questions฀such฀as:฀Are฀all฀operations฀ that฀are฀part฀of฀a฀transaction฀forced฀to฀go฀to฀the฀same฀data฀service฀ instance?฀Can฀different฀operations฀that฀use฀different฀data฀service฀ instances฀still฀be฀part฀of฀the฀transaction?฀ ฀ A฀simple฀solution฀is฀to฀require฀all฀operations฀in฀a฀single฀transaction฀to฀interact฀with฀a฀single฀service฀instance.฀However,฀this฀solution฀ isn’t฀without฀its฀disadvantages฀since฀it฀can฀affect฀how฀well฀the฀load฀ is฀distributed฀across฀the฀cluster.฀With฀some฀replication,฀clustering฀ becomes฀more฀difficult.฀In฀addition฀to฀the฀server฀affinity฀issue,฀the฀ architecture฀must฀include฀a฀partitioning฀strategy.฀This฀strategy฀answers฀questions฀such฀as:฀Do฀all฀instances฀of฀the฀data฀services฀allow฀ access฀to฀all฀the฀data?฀Or฀are฀data฀services฀partitioned฀so฀that฀only฀ certain฀instances฀allow฀access฀to฀certain฀data?

22฀฀June฀2006

Data฀Access฀and฀Usage฀Patterns ฀ It’s฀important฀to฀note฀that฀different฀applications฀have฀different฀ data฀access฀and฀usage฀patterns.฀Some฀applications฀can฀produce฀ many฀transactions฀but฀access฀only฀a฀small฀amount฀of฀data฀in฀each฀ transaction.฀For฀other฀applications,฀the฀transaction฀throughput฀can฀ be฀small฀but฀the฀volume฀of฀data฀that’s฀accessed฀very฀large.฀The฀way฀ to฀tune฀data฀source฀performance฀for฀these฀patterns฀is฀very฀different.฀ When฀using฀a฀data฀services฀solution฀to฀provide฀centralized฀access฀to฀ enterprise฀data฀sources,฀the฀enterprise฀must฀accommodate฀all฀the฀ various฀access฀and฀usage฀patterns฀of฀the฀applications฀that฀will฀be฀ integrated฀with฀this฀solution.฀Tuning฀the฀infrastructure฀to฀support฀ a฀single฀application’s฀performance฀requirements฀is฀complicated,฀ trying฀to฀tune฀it฀to฀adequately฀support฀multiple฀patterns฀of฀use฀ and฀access฀will฀be฀even฀more฀difficult.฀Often,฀there฀will฀be฀conflicting฀configurations฀—฀something฀that฀optimizes฀the฀performance฀ of฀one฀application฀will฀degrade฀the฀performance฀of฀another.฀The฀ enterprise฀should฀analyze฀and฀model฀the฀access฀and฀use฀patterns฀ of฀the฀applications฀that฀will฀be฀using฀the฀data฀services฀and฀ensure฀ that฀well-defined฀performance฀criteria฀for฀each฀scenario฀have฀ been฀developed.฀Additionally,฀enough฀time฀should฀be฀planned฀for฀ testing฀the฀performance฀of฀a฀particular฀solution฀with฀simulations฀ that฀reflect฀the฀access฀and฀usage฀patterns฀that฀are฀common฀to฀the฀ enterprise฀environment.

Summary ฀ Harmonizing฀data฀assets฀has฀always฀been฀a฀challenging฀problem;฀ the฀problems฀and฀urgency฀are฀further฀exacerbated฀when฀migrating฀ to฀an฀SOA.฀Developing฀a฀strategy฀for฀handling฀this฀kind฀of฀transition฀ is฀essential฀to฀properly฀enabling฀data฀access฀in฀an฀enterprise฀SOA฀ environment.฀By฀developing฀appropriate฀requirements฀and฀use฀cases฀and฀by฀analyzing฀data฀assets฀and฀data฀usage,฀organizations฀can฀ better฀understand฀the฀breadth฀and฀depth฀of฀their฀data฀integration฀ issues฀and฀begin฀to฀take฀steps฀to฀address฀them.฀Ultimately,฀every฀ organization฀must฀develop฀a฀strategy฀tailored฀to฀its฀specific฀needs,฀ but฀the฀overall฀approach฀described฀in฀this฀article฀provides฀guidance฀ in฀understanding฀what฀types฀of฀questions฀should฀be฀asked฀and฀how฀ to฀leverage฀possible฀technology฀solutions฀to฀address฀the฀resulting฀ issues฀that฀are฀identified.฀This฀guidance฀will฀enable฀organizations฀to฀ fully฀leverage฀and฀exploit฀their฀most฀important฀strategic฀asset:฀their฀ data.฀฀ About฀the฀Authors Tieu฀Luu฀is฀an฀Associate฀with฀Booz฀Allen฀Hamilton฀where฀he฀works฀on฀architectures฀and฀strategies฀for฀large฀enterprise฀systems.฀Prior฀to฀Booz฀Allen฀Hamilton,฀Tieu฀held฀lead฀engineering฀positions฀at฀companies฀including฀Grand฀Central฀Communications,฀Mercator฀Software,฀and฀Aether฀ Systems฀where฀he฀worked฀on฀the฀development฀of฀integration฀and฀mobile฀computing฀platforms.฀ You฀can฀read฀more฀of฀Tieu�s฀writing฀at฀his฀blog฀at฀http://thluu.blogspot.com. [email protected] Sandeep฀Maripuri฀is฀an฀Associate฀with฀Booz฀Allen฀Hamilton฀where฀he฀designs฀and฀implements฀ data฀sharing฀architectures฀that฀apply฀service-oriented฀concepts.฀฀Prior฀to฀joining฀Booz฀Allen฀ Hamilton,฀Sandeep฀held฀architecture฀and฀engineering฀positions฀in฀both฀large฀consulting฀firms฀ and฀a฀commercial฀software฀startup,฀where฀he฀was฀an฀architect฀and฀lead฀engineer฀of฀one฀of฀the฀ first฀commercially-available฀semantic฀data฀interoperability฀platforms. [email protected] Riad฀Assir฀is฀a฀senior฀technologist฀with฀Booz฀Allen฀Hamilton฀where฀he฀designs฀enterprise฀systems฀for฀commercial฀and฀government฀clients.฀฀Prior฀to฀Booz฀Allen฀Hamilton,฀Riad฀held฀Senior฀ technology฀positions฀at฀companies฀such฀as฀Thomson฀Financial,฀B2eMarkets฀and฀Manugistics,฀ where฀he฀worked฀on฀large฀supply฀chain฀systems฀development.

www.WSJ2.com

STRATEGIES

Mainframe฀to฀SOA฀–฀ The฀People฀Effect How฀to฀apply฀mainframe฀experts฀as฀a฀resource฀in฀the฀world฀of฀SOA WRITTEN฀BY฀ROBERT฀MORRIS

฀฀As฀Service฀Oriented฀Architecture฀(SOA)฀initiatives฀attain฀critical฀mass฀in฀the฀enterprise,฀there’s฀more฀and฀more฀interest฀in฀boosting฀business฀results฀and฀competitiveness฀ (not฀to฀mention฀leveraging฀significant฀long-term฀investments)฀by฀incorporating฀mainframe฀assets฀into฀the฀SOA.฀However,฀if฀this฀attention฀is฀myopically฀focused฀on฀data฀ and฀functionality,฀companies฀may฀be฀overlooking฀the฀mainframe’s฀highest฀potential฀ for฀rapid฀time-to-market฀and฀ROI:฀the฀value฀of฀the฀expertise฀resident฀with฀mainframe฀ developers.฀

�

hile฀they฀may฀seem฀an฀unlikely฀ resource฀to฀deliver฀SOA฀netcentric฀applications,฀equipping฀ mainframe฀developers฀is฀actually฀a฀highly฀ practical฀and฀cost-effective฀alternative฀to฀ the฀near-impossible฀task฀of฀trying฀to฀infuse฀ Web฀Services฀developers฀with฀decades฀of฀ mainframe฀experience.฀ ฀ This฀article฀will฀look฀at฀the฀benefits฀of฀ fully฀utilizing฀the฀portfolio฀of฀mainframe฀ assets฀in฀an฀SOA,฀with฀a฀special฀focus฀on฀ tapping฀into฀mainframe฀expertise฀as฀a฀ primary฀resource.฀We’ll฀examine฀an฀approach฀to฀SOA฀development฀that฀utilizes฀ tools฀designed฀specifically฀for฀mainframe฀ developers.฀We’ll฀look฀at฀the฀impact฀and฀ potential฀advantages฀in฀terms฀of฀learning฀ curve,฀delivery฀time,฀and,฀most฀importantly,฀in฀terms฀of฀achieving฀optimal฀service฀ granularity฀to฀promote฀maximum฀re-use฀of฀ mainframe-based฀business฀services.฀

Why฀Mainframe฀Developers? ฀ One฀of฀the฀leading฀motivations฀for฀ companies฀embracing฀the฀mainframe฀in฀ their฀SOA฀strategies฀is฀the฀opportunity฀to฀ maximize฀the฀return฀on฀their฀long-term฀ investments.฀At฀the฀same฀time,฀the฀proven฀ performance,฀security,฀and฀scalability฀of฀

24฀฀June฀2006

mainframe฀functionality฀minimize฀the฀ business฀risk฀associated฀with฀implementing฀new฀SOA฀initiatives.฀Equally฀important฀ is฀the฀opportunity฀to฀lower฀operational฀ costs฀through฀SOA฀re-use฀and฀maintenance฀benefits.฀ ฀ Although฀it’s฀clear฀that฀the฀mainframe฀ is฀an฀ideal฀candidate฀for฀participating฀in฀ the฀SOA,฀many฀companies฀leave฀much฀of฀ the฀mainframe’s฀value฀on฀the฀sidelines,฀ fearing฀that฀the฀skills฀required฀for฀service฀implementation,฀and฀the฀knowledge฀ required฀to฀create฀business฀services฀from฀ mainframe฀applications฀and฀technologies,฀ are฀islands฀that฀can’t฀be฀bridged฀within฀the฀ organization.฀And฀it’s฀unrealistic฀to฀expect฀ service฀development฀experts฀to฀come฀up฀ to฀speed฀quickly฀on฀decades฀of฀knowledge฀ about฀mainframe฀applications฀and฀data.฀ A฀reverse฀of฀the฀process,฀on฀the฀other฀ hand,฀is฀actually฀quite฀practical.฀Instead฀ of฀abandoning฀the฀mainframe,฀along฀with฀ its฀proven฀functionality,฀for฀lack฀of฀service฀ development฀skills฀within฀the฀community฀ of฀mainframe฀expertise,฀companies฀should฀ look฀for฀quick฀and฀effective฀ways฀to฀bring฀ their฀mainframe฀developers฀up฀to฀speed฀ on฀service฀development.฀According฀to฀ Gartner฀analyst฀Dale฀Vecchio,฀speaking฀at฀

a฀recent฀BPM฀conference,฀“The฀talents฀of฀ your฀people฀do฀not฀solely฀reside฀in฀their฀ technology฀skills.฀Evolve฀your฀development฀ organization฀to฀a฀component/assembly฀ mentality฀where฀re-use฀is฀rewarded฀—฀even฀ on฀mainframe฀environments.”฀And,฀in฀fact,฀ mainframe฀developers฀are฀uniquely฀qualified฀to฀produce฀the฀right-sized฀“business฀ services”฀that฀will฀maximize฀re-use.

Web฀Services฀versus฀ Business฀Services ฀ At฀this฀point฀it฀will฀be฀useful฀to฀understand฀the฀distinction฀between฀Web฀Services฀ and฀business฀services.฀First,฀it฀should฀be฀ noted฀that฀Web฀Services฀aren’t฀necessarily฀ required฀for,฀nor฀are฀they฀synonymous฀with฀ SOA฀–฀although฀the฀two฀are฀frequently฀and฀ erroneously฀used฀interchangeably.฀While฀ Web฀Services฀are฀likely฀to฀be฀a฀part฀of฀an฀ SOA,฀they’re฀only฀one฀of฀several฀technology฀options฀for฀standardizing฀access฀to฀ services฀across฀the฀enterprise.฀According฀ to฀Integration฀Consortium฀vice-president฀ Steve฀Craggs,฀this฀can฀also฀be฀achieved฀by฀ utilizing฀such฀standards฀as฀J2EE฀Connector฀ Architectures฀(JCAs)฀and฀Enterprise฀Service฀Buses฀(ESBs)฀together฀with฀a฀metadata฀ repository.฀However,฀the฀business฀services฀

www.WSJ2.com

���������������� that฀make฀up฀an฀SOA฀play฀a฀more฀complex฀role฀than฀simply฀invoking฀a฀function฀ in฀a฀standard฀way.฀In฀the฀first฀place,฀they฀ typically฀contain฀multi-step฀functionality,฀ orchestrated฀in฀the฀service,฀with฀communications฀and฀data฀transformation฀that’s฀ transparent฀to฀the฀user.฀As฀Vecchio฀says,฀ they฀must฀facilitate฀re-use฀above฀all. ฀ Delivering฀mainframe฀SOA,฀therefore,฀ is฀more฀than฀just฀delivering฀mainframe฀ components฀dressed฀up฀as฀Web฀Services.฀ It฀requires฀an฀in-depth฀understanding฀ of฀how฀the฀components฀work฀together฀ to฀comprise฀a฀recognizable฀business฀ task฀–฀an฀understanding฀that’s฀a฀built-in฀ starting฀point฀for฀mainframe฀developers.฀ It฀then฀requires฀automating฀the฀interaction฀of฀the฀underlying฀functionality฀and฀ data฀sources฀necessary฀for฀the฀task.฀Again,฀ mainframe฀expertise฀already฀carries฀an฀indepth฀knowledge฀of฀that฀functionality฀and฀ those฀data฀sources฀in฀terms฀of฀mainframe฀ applications.฀Finally,฀the฀effective฀use฀ and฀re-use฀of฀a฀mainframe-based฀service฀ requires฀that฀the฀whole฀thing฀be฀packaged฀ in฀an฀easily฀recognizable฀and฀accessible฀ form.฀ ฀ It’s฀typically฀only฀at฀this฀final฀step฀that฀ there’s฀a฀significant฀learning฀curve฀for฀ mainframe฀developers.฀The฀fact฀is,฀with฀ the฀right฀tools฀–฀service฀development฀ tools฀designed฀specifically฀for฀their฀use฀ –฀and฀with฀a฀solid฀understanding฀of฀how฀ mainframe฀functionality฀will฀support฀SOA฀ applications,฀mainframe฀developers฀can฀ quickly฀assemble฀the฀right-sized฀multistep/multi-operation฀business฀services฀described฀above.฀With฀such฀an฀approach,฀the฀ development฀tools฀themselves฀can฀in฀fact฀ become฀a฀teaching฀tool฀for฀demonstrating฀ to฀mainframe฀developers฀everything฀they฀ need฀to฀know฀about฀building฀SOA฀business฀ services.฀This฀was฀the฀method฀used฀by฀one฀ of฀the฀largest฀mutual฀company฀providers฀ of฀property฀and฀liability฀insurance฀in฀the฀ United฀States,฀which฀recently฀completed฀ a฀mainframe฀SOA฀initiative฀that฀exceeded฀ all฀expectations฀in฀development,฀testing,฀ and฀implementation.฀This฀was฀in฀large฀ part฀due฀to฀its฀use฀of฀mainframe฀developers฀–฀subject-matter฀experts฀in฀mainframe฀ functionality฀and฀technologies฀–฀to฀create฀ mainframe-based฀business฀services฀for฀the฀ SOA.

Putting฀SOA฀Value฀ on฀the฀Fast฀Track ฀ With฀the฀need฀to฀develop฀and฀deploy฀ composite฀applications฀based฀on฀components฀from฀across฀the฀IT฀infrastructure,฀

www.WSJ2.com

the฀insurance฀company฀determined฀ that฀SOA฀offered฀it฀significant฀strategic฀ advantages.฀But฀according฀to฀its฀lead฀ system฀architect,฀its฀developers฀had฀been฀ spending฀half฀of฀their฀time฀on฀“plumbing”฀ –฀that฀is,฀creating฀and฀parsing฀XML,฀dealing฀with฀HTTP฀or฀other฀transports,฀error฀ handling,฀and฀so฀on.฀Not฀only฀did฀this฀ slow฀their฀development฀efforts฀and฀create฀ “brittle”฀code฀that฀was฀hard฀to฀maintain,฀ it฀also฀cost฀them฀in฀terms฀of฀lost฀opportunities฀for฀code฀re-use.฀Furthermore,฀the฀ company’s฀Visual฀Basic฀and฀Java฀developers฀weren’t฀familiar฀with฀the฀underlying฀ mainframe฀COBOL฀applications.฀This฀ meant฀that฀they฀couldn’t฀quickly฀deliver฀ the฀usable,฀maintainable฀business฀services฀required฀for฀the฀composite฀applications.฀As฀a฀result,฀the฀system฀architect฀was฀ finding฀it฀difficult฀to฀get฀the฀company’s฀ SOA฀strategy฀off฀the฀ground.฀ ฀ This฀is฀a฀perfect฀example฀of฀the฀“people฀ effect”฀at฀work.฀Without฀being฀able฀to฀use฀ their฀mainframe฀development฀expertise,฀ the฀company฀would฀be฀unable฀to฀leverage฀its฀other฀mainframe฀assets฀in฀the฀SOA฀ –฀and฀might฀not฀get฀the฀SOA฀going฀at฀all.฀ With฀the฀right฀tool,฀however฀–฀one฀designed฀specifically฀for฀mainframe฀developers฀to฀create฀complex฀business฀services฀ from฀mainframe฀data฀and฀functionality฀ –฀the฀system฀architect฀found฀that฀he฀could฀ effectively฀bridge฀the฀company’s฀SOA฀and฀ mainframe฀knowledge฀bases฀in฀less฀than฀a฀ half-day.฀ ฀ “Using฀a฀mainframe-specific฀development฀tool฀allowed฀us฀to฀focus฀our฀training฀ on฀Web฀Services,฀business฀services,฀and฀ SOA.฀We฀were฀able฀to฀quickly฀produce฀ examples฀that฀helped฀the฀developers฀to฀ experience฀and฀understand฀the฀benefits฀in฀ terms฀of฀code฀re-use.฀With฀this฀approach,฀ working฀from฀the฀developers’฀in-depth฀understanding฀of฀the฀COBOL฀applications฀we฀ were฀service-enabling,฀it฀essentially฀took฀ only฀four฀hours฀of฀training฀to฀turn฀them฀ into฀service฀developers.”

The฀Right฀Tools฀for฀the฀Job ฀ Once฀mainframe฀developers฀understand฀ how฀the฀services฀they฀are฀developing฀will฀ fit฀and฀function฀in฀the฀SOA฀–฀assisted฀by฀ tools฀that฀can฀readily฀demonstrate฀and฀ model฀the฀process฀–฀they฀can฀use฀their฀ existing฀mainframe฀expertise฀to฀quickly฀ develop฀the฀complex฀business฀services฀ that฀make฀an฀SOA฀successful.฀Given฀the฀ potential฀upside,฀then,฀what฀are฀the฀considerations฀for฀selecting฀mainframe฀service฀ development฀tools?฀

1 ���฀���������฀

���������฀��฀�฀��������฀ �������฀���฀������

blog-n-play™ is the only FREE custom blog address you can own which comes instantly with an access to the entire i-technology community readership. Have your blog read alongside with the world’s leading authorities, makers and shakers of the industry, including well-known and highly respected i-technology writers and editors.

2 ���฀�฀����฀

�����������฀����฀��������

blog-n-play™ gives you the most prestigious blog address. There is no other blog community in the world who offers such a targeted address, which comes with an instant targeted readership.

3 ����฀����฀������฀ ��฀���฀��������

blog-n-play™ is powered by Blog-City™, the most feature rich and bleeding-edge blog engine in the world, designed by Alan Williamson, the legendary editor of JDJ. Alan kept the i-technology community bloggers’ demanding needs in mind and integrated your blog page to your favorite magazine’s Web site.

����������������������� �����฀�����฀��฀������฀�����

����฀����฀����฀�����������฀������� ��฀���������฀�����฀

��฀����฀�������฀

����������������฀�������฀

����������฀����฀�������฀

����฀����

�����������

���฀��������฀�������฀

��������฀��������฀������

����฀����฀�������฀

���������฀�������฀

����������฀��������฀

�����฀��������

�����������������

������������฀����฀�������฀

�������฀����฀�������฀

฀�฀������฀

�����

����฀��฀���฀����฀฀ ����฀����฀������

June฀2006฀฀25฀฀

STRATEGIES

One of the leading motivations for companies embracing the mainframe in their SOA strategies is the opportunity to maximize the return on their long-term investments ฀ First฀are฀the฀unique฀features฀of฀the฀mainframe฀technology฀landscape.฀In฀his฀paper฀ on฀“Best-of-Breed฀Mainframe฀SOA฀Tools,”฀ author฀Steve฀Craggs฀recommends฀that฀ the฀best฀toolset,฀by฀design,฀will฀be฀right฀ at฀home฀with฀the฀specialized฀mainframe฀ applications,฀resources,฀and฀environments฀ that฀are฀the฀purview฀of฀mainframe฀developers,฀such฀as: •฀ IBM฀transaction฀processing฀products,฀ CICS฀and฀IMS •฀ IDMS,฀Natural,฀and฀Adabas •฀ COBOL •฀ DB2฀database฀and฀MQSeries฀messaging฀ middleware •฀ RACF฀and฀SAF ฀ In฀addition,฀the฀toolset฀should฀provide฀ a฀way฀to฀map฀mainframe฀programming฀ structures฀to฀technologies฀such฀as฀XML฀ and฀Web฀Services,฀the฀foundation฀for฀ bridging฀mainframe฀expertise฀and฀SOA฀ deployment฀technologies.฀You฀can฀eliminate฀any฀toolset฀that฀doesn’t฀provide฀the฀ basic฀functionality฀required฀to฀integrate฀ mainframe฀functionality฀according฀to฀SOA฀ principles.฀Virtually฀any฀development฀tool฀ can฀manage฀mainframe฀applications฀that฀ can฀be฀“driven”฀through฀a฀programmable฀ interface.฀But฀many฀of฀the฀older฀mainframe฀ applications฀are฀screen-driven,฀and฀the฀ toolset฀must฀provide฀screen-based฀access฀ for฀them.฀The฀toolset฀also฀has฀to฀be฀able฀to฀ play฀by฀SOA฀rules,฀providing฀wrappers฀or฀ adapters฀that฀“bridge”฀mainframe฀access฀ mechanisms฀with฀SOA฀interface฀standards.฀ And฀besides฀providing฀interface฀support฀ for฀different฀types฀of฀applications,฀the฀toolset฀should฀access฀various฀mainframe฀data฀ sources,฀such฀as฀DB2,฀VSAM,฀Adabas.฀and฀ others฀under฀a฀single฀SQL-style฀interface฀ that฀will฀be฀familiar฀to฀mainframe฀developers. ฀ Unfortunately,฀even฀the฀most฀sophisticated฀functionality฀can฀be฀rendered฀ ineffective฀if฀it’s฀not฀easy฀to฀use.฀To฀make฀ immediate฀use฀of฀mainframe฀expertise,฀ the฀development฀tools฀provided฀should฀ be฀intuitive฀and฀accessible,฀automating฀ the฀creation฀of฀services฀on฀the฀mainframe฀ as฀much฀as฀possible.฀It฀shouldn’t฀mean฀

26฀฀June฀2006

support฀the฀stringent฀integrity฀and฀recoverability฀requirements฀of฀the฀mainframe฀ environment.฀And,฀in฀addition฀to฀supporting฀mainframe฀operating฀system฀functions,฀ it฀will฀have฀the฀appropriate฀look-and-feel฀ to฀gain฀rapid฀acceptance฀and฀utilization฀ within฀the฀mainframe฀community.฀This฀ will฀be฀key฀to฀putting฀the฀“people฀effect”฀in฀ motion.

Transforming฀Mainframe฀ Expertise฀into฀SOA฀Success extensive฀training฀or฀third-party฀consulting฀to฀produce฀results,฀as฀this฀will฀defeat฀ the฀advantage฀of฀leveraging฀your฀existing฀ mainframe฀development฀resources. ฀ The฀toolset฀should฀make฀it฀easy฀to฀ assemble฀and฀orchestrate฀the฀proper฀ execution฀of฀multi-step/multi-operation฀business฀processes฀from฀mainframe฀ applications.฀This฀is฀best฀achieved฀by฀a฀ graphical฀modeling฀approach฀that฀will฀ provide฀a฀familiar฀development฀environment฀for฀the฀mainframe฀expert,฀and฀ reduce฀or฀eliminate฀manual฀coding,฀ thereby฀shortening฀the฀learning฀curve฀and฀ speeding฀development.฀ ฀ The฀modeling฀environment฀should฀also฀ provide฀visual฀feedback฀that฀will฀serve฀to฀ improve฀accuracy฀by฀highlighting฀problems฀early฀in฀the฀development฀process.฀ To฀this฀end,฀the฀toolset฀should฀enable฀the฀ developer฀to฀test฀components฀in฀isolation,฀ simulating฀their฀performance฀in฀real฀operations,฀without฀requiring฀that฀all฀components฀be฀completed฀and฀assembled฀before฀ they฀can฀be฀tested.฀The฀toolset฀should฀ also฀provide฀development฀lifecycle฀support,฀allowing฀services฀and฀components฀ to฀be฀marked฀as฀development,฀test,฀QA,฀ or฀production-level,฀and฀should฀support฀ versioning฀as฀well฀to฀ensure฀that฀untested฀ components฀or฀changes฀don’t฀enter฀the฀ production฀environment. ฀ Ultimately,฀all฀of฀these฀development฀and฀ deployment฀considerations฀will฀demonstrate฀whether฀or฀not฀a฀toolset฀was฀created฀ based฀on฀an฀extensive฀understanding฀of฀ mainframes.฀If฀so,฀it฀will฀offer฀features฀that฀

฀ It’s฀clear฀that฀mainframe฀applications,฀ data,฀and฀performance฀have฀a฀major฀role฀ to฀play฀in฀the฀Service฀Oriented฀Architectures฀of฀today.฀But฀it’s฀equally฀important฀ to฀tap฀your฀mainframe฀expertise฀to฀leverage฀those฀resources฀effectively.฀No฀one฀ knows฀more฀about฀mainframe฀applications,฀functionality,฀and฀the฀underlying฀ code฀than฀the฀mainframe฀developers฀ already฀on฀your฀staff.฀Equipping฀them฀ with฀development฀tools฀that฀enable฀them฀ to฀readily฀visualize฀and฀understand฀the฀ concept฀and฀benefits฀of฀a฀business฀service฀ composed฀of฀mainframe฀components฀is฀ the฀first฀step฀–฀and฀the฀fastest฀route฀–฀to฀ bridging฀the฀knowledge฀gap฀between฀ proven฀legacy฀assets฀and฀strategic฀service฀ initiatives.฀Armed฀with฀that฀knowledge,฀ the฀right฀tools฀will฀then฀equip฀mainframe฀ developers฀to฀quickly฀and฀easily฀assemble฀ and฀deploy฀multi-step/multi-operation฀ mainframe-based฀business฀services฀that฀ are฀right-sized฀to฀maximize฀re-use.฀This฀ approach฀unlocks฀the฀full฀value฀of฀all฀of฀ your฀mainframe฀assets฀–฀from฀data฀to฀ developers฀–฀to฀fuel฀rapid฀and฀robust฀SOA฀ implementations.฀฀฀ About฀the฀Author฀ Robert฀Morris฀is฀senior฀vice฀president฀of฀marketing฀and฀ strategy฀responsible฀for฀the฀planning,฀integration,฀and฀ marketing฀of฀GT฀Software฀product฀solutions฀to฀the฀global฀ market.฀Prior฀to฀GT฀Software,฀he฀held฀a฀variety฀of฀sales,฀ marketing,฀and฀product฀management฀positions฀at฀KnowledgeWare,฀Forté฀Software,฀ClientSoft฀(now฀NEON฀systems),฀ and฀Jacada.฀He฀has฀an฀extensive฀background฀in฀application฀ development฀and฀integration฀including฀experience฀with฀ CASE฀methodologies฀and฀distributed฀systems฀as฀well฀as฀ midrange฀and฀mainframe฀environments.

www.WSJ2.com

PRODUCT฀REVIEW

Mindreef฀SOAPscope฀Server The฀rare฀distributed฀development฀environment WRITTEN฀BY฀BRIAN฀BARBASH

฀By฀nature฀Web฀Services฀is฀a฀distributed฀technology.฀With฀distribution฀comes฀great฀ flexibility฀for฀architectural฀topologies.฀Components฀can฀be฀strategically฀placed฀in฀ different฀physical฀locations฀to฀optimize฀performance,฀maintenance฀and฀business฀ processes.฀In฀large฀organizations฀one฀physical฀location฀may฀handle฀sales฀services,฀ while฀another฀delivers฀contract฀management.฀As฀organizations฀build฀Service฀Oriented฀ Architectures฀that฀stitch฀together฀these฀physically฀dispersed฀services,฀distributed฀ development฀becomes฀an฀interesting฀challenge฀to฀overcome.฀Many฀collaborative฀ technologies฀exist฀today฀to฀facilitate฀better฀communications฀and฀information฀sharing฀ among฀workers,฀but฀it’s฀rare฀to฀find฀a฀distributed฀development฀environment.

�

nter฀Mindreef’s฀SOAscope฀Server.฀ Coral฀is฀a฀development฀platform฀that฀ provides฀a฀centralized฀work฀environment฀designed฀specifically฀for฀SOAs฀ enabled฀by฀Web฀Services.฀Development฀ teams฀collaborate฀in฀specialized฀virtual฀ workspaces฀that฀manage฀Web฀Services฀ definitions,฀messages,฀recorded฀actions,฀ simulations,฀and฀notes.

฀ From฀these฀views,฀services฀can฀be฀invoked,฀analyzed,฀or฀updated,฀and฀multiple฀ services฀can฀be฀compared฀to฀identify฀differences฀in฀their฀definitions.฀The฀developer฀ can฀also฀analyze฀services฀for฀best฀practices.฀ The฀choices฀of฀algorithms฀to฀run฀are฀Mindreef฀Basic฀Diagnostics,฀WS-I฀Basic฀Profile฀ 1.0,฀and฀a฀combination฀of฀the฀WS-I฀Basic฀ Profile฀1.0฀and฀SOAP฀Binding฀Profile฀1.0.฀ Users฀have฀the฀option฀of฀creating฀their฀own฀ algorithms฀from฀a฀library฀of฀tests.

The฀Development฀Environment:฀ Creating฀Workspaces ฀ Mindreef฀SOAPscope฀Server฀is฀based฀on฀ the฀concept฀of฀workspaces.฀As฀mentioned,฀ workspaces฀are฀central฀repositories฀that฀ contain฀the฀assets฀of฀a฀given฀Web฀Servicesenabled฀project.฀There฀are฀three฀kinds฀of฀ workspaces: 1.฀Private:฀All฀assets฀in฀private฀workspaces฀ are฀accessible฀only฀to฀the฀logged-in฀user฀ 2.฀Team:฀Assets฀in฀team฀workspaces฀are฀accessible฀to฀any฀logged-in฀user 3.฀Community:฀Community฀workspace฀ assets฀are฀available฀to฀any฀user฀in฀a฀readonly฀state,฀and฀an฀editable฀state฀to฀those฀ with฀accounts฀on฀the฀server ฀ As฀an฀example,฀assume฀that฀an฀organization฀has฀separate฀physical฀locations฀for฀sales,฀ contract฀management,฀and฀master฀data฀services฀(customer,฀product,฀etc.).฀The฀support฀

28฀฀June฀2006

฀ With฀the฀service฀contracts฀loaded,฀SOAPscope฀Server฀presents฀them฀to฀developers฀in฀ multiple฀views: •฀ Overview:฀Displays฀the฀details฀of฀a฀specific฀service฀contract฀as฀a฀tree฀structure.฀ Each฀operation฀is฀an฀expandable฀node฀on฀ the฀tree฀in฀which฀the฀operational฀details฀ are฀stored฀including฀actions฀and฀input฀ and฀output฀message฀constructs. •฀ Documentation:฀Lists฀all฀of฀the฀components฀of฀the฀Web฀Service฀by฀namespace. •฀ Files:฀Displays฀the฀XML฀files฀that฀make฀up฀ the฀Web฀Service฀definition฀in฀a฀formatted฀ view. •฀ Coverage:฀A฀general฀listing฀of฀usage฀statistics฀for฀a฀given฀service.฀Metrics฀captured฀ here฀include฀total฀calls,฀faults,฀call฀duration,฀request฀size,฀and฀response฀size.

teams฀and฀developers฀of฀these฀individual฀ services฀are฀also฀located฀in฀different฀physical฀ locations.฀As฀part฀of฀an฀effort฀to฀improve฀ties฀ with฀its฀trading฀partners,฀this฀company฀is฀ building฀an฀application฀so฀buyers฀can฀submit฀ price฀checks฀and฀purchase฀orders฀using฀Web฀ Services.฀During฀development฀a฀workspace฀ will฀be฀created฀in฀the฀team฀area. ฀ When฀establishing฀a฀workspace฀in฀Mindreef฀SOAPscope฀Server,฀developers฀add฀WSDL฀ definitions฀referred฀to฀as฀service฀contracts.฀ As฀shown฀in฀Figure฀1,฀service฀contracts฀can฀ be฀added฀to฀a฀workspace฀via฀either฀a฀URL฀ or฀a฀WSDL฀file฀located฀on฀the฀file฀system.฀ Service฀contracts฀can฀also฀be฀added฀from฀the฀ developer’s฀other฀private฀workspaces,฀and฀ from฀all฀team฀and฀community฀workspaces.฀ For฀this฀example,฀the฀ContractService฀and฀ SalesService฀WSDL฀files฀will฀be฀added.

Testing฀and฀Verifying฀Services ฀ Every฀time฀a฀developer฀invokes฀a฀Web฀ Service฀from฀a฀workspace,฀the฀request฀and฀response฀messages฀are฀captured฀and฀the฀event฀ is฀stored฀as฀an฀action.฀This฀serves฀as฀a฀powerful฀mechanism฀for฀testing฀and฀debugging.฀ When฀issues฀with฀a฀service฀are฀identified,฀ the฀messages฀that฀produce฀the฀issue฀can฀be฀ stored฀and฀re-sent฀to฀verify฀that฀the฀appropriate฀collective฀actions฀have฀been฀taken. ฀ Individual฀actions฀can฀also฀be฀strung฀together฀to฀create฀scripts.฀This฀provides฀for฀testing฀dependent฀services.฀Web฀Service฀parameters฀can฀be฀configured฀to฀extract฀their฀values฀ from฀variables฀allowing฀for฀the฀results฀of฀one฀ service฀to฀serve฀as฀the฀input฀to฀another.฀For฀ the฀example฀in฀this฀article,฀the฀ContractService.GetContractPrice฀has฀been฀configured฀to฀

www.WSJ2.com

Figure฀1:฀Adding฀a฀service฀contract

put฀its฀results฀in฀variables.฀The฀values฀include฀ contract฀number฀and฀price.฀Subsequently,฀the฀ SalesService.SubmitPO฀operation฀has฀been฀ configured฀to฀extract฀the฀contract฀number฀ and฀price฀from฀the฀configured฀variables฀completing฀the฀chain฀of฀operations.

฀ Collaboration

฀ All฀of฀the฀features฀of฀Mindreef฀SOAPscope฀ Server฀mentioned฀so฀far฀are฀valuable฀and฀ serve฀to฀assist฀with฀developing฀and฀testing฀ Web฀Services.฀However,฀SOAPscope฀Server’s฀ differentiating฀functionality฀is฀in฀its฀ability฀ for฀teams฀to฀collaborate฀on฀Web฀Service฀ development.฀Features฀of฀the฀system฀that฀ facilitate฀this฀include:฀ •฀ Workspace฀Notes:฀Notes฀in฀a฀workspace฀ provide฀a฀way฀to฀document฀activities,฀changes,฀ issues,฀and฀other฀useful฀information฀to฀members.฀For฀example,฀if฀an฀issue฀is฀identified฀with฀ the฀ContractService,฀the฀action฀that฀re-creates฀ the฀error฀and฀the฀specific฀inputs฀that฀are฀associated฀with฀it฀may฀be฀documented฀as฀a฀note.฀ Members฀of฀the฀maintenance฀team฀for฀the฀ ContractService฀now฀have฀a฀centralized฀documentation฀repository฀to฀identify฀and฀resolve฀ the฀issue,฀a฀location฀into฀which฀the฀resolution฀ may฀be฀entered,฀and฀an฀action฀script฀to฀re-create฀and฀diagnose฀the฀issue฀at฀hand. •฀ RSS฀News฀Feeds:฀These฀feeds฀provide฀ information฀about฀the฀workspace฀and฀the฀ notes฀entered.฀RSS฀feeds฀always฀include฀ the฀first฀and฀last฀note฀entered฀in฀the฀workspace.฀So฀teams฀that฀consume฀services฀in฀ a฀workspace฀may฀be฀notified฀by฀RSS฀when฀ changes,฀updates,฀or฀issues฀are฀resolved฀ in฀the฀workspace.

www.WSJ2.com

Figure฀2:฀Simulating฀a฀response

•฀ SOAPscope฀Server฀Integration:฀SOAPscope฀ Server฀lets฀workspaces฀be฀exported฀to฀a฀ proprietary฀format฀called฀a฀Mindreef฀Reproducible฀Package.฀These฀packages฀can฀be฀ transferred฀to฀any฀SOAPscope฀Server฀server฀ with฀all฀assets฀intact.฀Packages฀can฀also฀be฀ stored฀in฀alternate฀systems,฀such฀as฀bug฀ tracking฀tools,฀for฀archiving฀and฀reference.

Simulation ฀ Simulation฀in฀SOAPscope฀Server฀refers฀to฀ the฀practice฀of฀creating฀dummy฀messages฀ that฀serve฀as฀placeholders฀for฀Web฀Services.฀ This฀is฀particularly฀useful฀during฀the฀development฀of฀composite฀applications฀and฀prototyping฀where฀not฀all฀services฀are฀available.฀ During฀a฀simulation,฀SOAPscope฀Server฀acts฀ as฀a฀service฀endpoint,฀responding฀with฀the฀ appropriate฀message฀template฀based฀on฀the฀ contents฀of฀a฀request,฀or฀throwing฀a฀SOAP฀ fault฀when฀no฀matching฀response฀is฀found. ฀ Using฀the฀ContractService฀a฀new฀operation฀ has฀been฀defined฀called฀GetEligibility.฀This฀ operation฀will฀determine฀which฀contracts฀a฀ given฀customer฀can฀buy฀on,฀if฀any.฀The฀service฀ itself฀has฀yet฀to฀be฀developed,฀so฀a฀simulation฀ will฀be฀created฀for฀this฀specific฀operation. ฀ As฀shown฀in฀Figure฀2,฀the฀simulation฀for฀ GetEligibility฀will฀be฀based฀on฀the฀value฀ of฀the฀attribute฀“name”฀in฀the฀incoming฀ XML฀payload.฀The฀response,฀shown฀at฀the฀ bottom฀of฀the฀screen,฀is฀a฀hard-coded฀XML฀ string฀that฀represents฀a฀generic฀eligibility฀ value.฀Multiple฀simulations฀can฀be฀created,฀ each฀configured฀to฀react฀to฀a฀specific฀payload,฀to฀accommodate฀different฀business฀ cases฀such฀as฀customers฀being฀eligible฀for฀

more฀than฀one฀contract.฀Invoking฀the฀simulation฀is฀as฀simple฀as฀sending฀a฀request฀from฀ the฀service฀client฀to฀the฀endpoint฀defined฀ for฀the฀simulation.

Summary ฀ Developing฀Web฀Services฀components฀in฀ a฀Services฀Oriented฀Architecture฀presents฀ unique฀challenges.฀Physical฀distribution฀of฀ resources฀adds฀to฀this฀complexity.฀Mindreef’s฀ SOAPscope฀Server฀platform฀introduces฀an฀ interesting฀solution฀to฀this฀challenge฀by฀providing฀a฀collaborative฀work฀environment฀that฀ goes฀beyond฀the฀traditional฀communication฀ functions.฀The฀system฀can฀play฀a฀valuable฀role฀ in฀organizations฀building฀out฀new฀services฀ and฀supporting฀existing฀applications.฀SOAPscope฀Server฀is฀definitely฀worth฀a฀look.฀฀

Requirements Browser: >฀Browser฀based฀UI฀for฀easy฀collaboration >฀IE฀6.0฀and฀above฀supported Server: >฀Installs฀private฀Tomcat฀to฀host฀Mindreef฀฀ ฀ ฀฀฀SOAPscope฀Server >฀Minimum฀requirements, >฀Concurrent฀licensing ฀ Choice฀of฀annual฀subscription,฀or฀perpetual฀ license, Database: >฀Installs฀SQL฀MSDE >฀Supports฀SQL฀server

June฀2006฀฀29฀฀

BPD

Bringing฀SOA฀to฀the฀mainframe฀ is฀the฀next฀step฀for฀enterprises

The฀Evolution฀ ฀฀of ฀

SOAs

WRITTEN฀BY฀STUART฀BURRIS

฀Mainframes฀were฀the฀fi฀rst฀computing฀platform฀of฀corporate฀ information฀technology.฀As฀the฀industry฀has฀grown,฀mainframes฀ have฀continued฀to฀evolve฀and฀integrate฀into฀the฀various฀incarnations฀of฀enterprise฀architecture.฀In฀fact,฀as฀the฀fi฀rst฀computing฀system,฀mainframes฀enjoy฀a฀special฀role฀when฀looking฀at฀ enterprise฀architecture,฀as฀mainframes฀have฀participated฀in฀ virtually฀every฀fl฀avor฀of฀architecture,฀starting฀with฀the฀incarnation฀of฀IT,฀when฀a฀mainframe฀was฀the฀architecture.฀

�

ainframes฀were฀initially฀deployed฀as฀monolithic,฀standalone฀systems.฀The฀prevailing฀attitude฀of฀the฀day฀was฀that฀ all฀applications฀could฀and฀would฀reside฀on฀a฀single฀large฀ computing฀platform,฀the฀mainframe.฀Application฀integration฀was฀ all฀nicely฀handled฀through฀mainframe฀resident฀data฀stores,฀and฀ callable฀transactions.฀However,฀as฀IT฀evolved฀into฀client/server฀and฀ other฀non-mainframe฀architectures,฀integration฀shifted฀as฀well.฀ ฀ Enterprise฀application฀integration฀(EAI)฀was฀born฀out฀of฀the฀

30฀฀June฀2006

need฀to฀integrate฀disparate฀systems,฀without฀using฀ad฀hoc฀point-topoint฀custom-developed฀interfaces฀for฀every฀project.฀EAI฀provided฀ the฀promise฀of฀unwinding฀the฀tangled฀mess฀of฀interfaces฀that฀had฀ grown฀to฀ensnare฀every฀corporate฀data฀center.฀Mainframes฀were฀still฀ the฀bedrock฀of฀corporate฀IT,฀however,฀now฀there฀were฀thousands฀of฀ interfaces฀feeding฀other฀systems฀in฀myriad฀point-to-point฀application-specifi฀c฀standards฀and฀semantics.฀For฀the฀mainframe,฀MQ฀was฀ the฀answer฀to฀standard฀EAI฀integration.฀However,฀as฀we฀quickly฀ learned,฀EAI฀didn’t฀solve฀the฀tangled฀mess฀of฀integration฀points.฀ EAI฀made฀integration฀easier;฀however,฀a฀lack฀of฀standards฀didn’t฀let฀ different฀vendors’฀EAI฀tooling฀work฀well฀with฀each฀other,฀and฀the฀ integration฀semantics฀were฀still฀developed฀specifi฀cally฀to฀meet฀the฀ needs฀of฀the฀specifi฀c฀point-to-point฀application฀integration฀driving฀ the฀project. ฀ Service฀Oriented฀Architecture฀(SOA)฀is฀being฀heralded฀as฀the฀ savior฀of฀enterprise฀integration,฀fi฀nally฀creating฀re-usable฀interfaces฀ to฀unwind฀the฀complex฀point-to-point฀integration.฀SOA฀does฀in฀fact฀ nicely฀solve฀the฀standards฀process,฀and฀while฀SOA฀doesn’t฀require฀ or฀mandate฀any฀technology,฀most฀SOA฀initiatives฀are฀creating฀easily฀ consumable฀services฀as฀Web฀Services.฀However,฀as฀for฀the฀second฀ issue฀of฀creating฀reusable฀services฀it’s฀useful฀to฀look฀back฀at฀history฀ at฀the฀lessons฀learned฀about฀creating฀a฀reusable฀integration฀point. ฀ Mainframe฀applications฀represent฀large฀chunks฀of฀business฀ process฀logic.฀Consider฀a฀mainframe฀application฀that’s฀used฀solely฀

www.WSJ2.com

for฀order฀processing.฀The฀monolithic฀mainframe฀application฀would฀ hand฀a฀number฀of฀sub-processes฀involved฀with฀order฀processing,฀ for฀example,฀order฀entry,฀accounts฀receivable,฀credit,฀and฀customer฀ maintenance.฀The฀mainframe฀system฀and฀the฀associated฀application฀flow฀represented฀and฀supported฀the฀business฀processes฀in฀the฀ organization.฀As฀the฀business฀processes฀of฀the฀organization฀evolved,฀ the฀mainframe฀application฀logic฀evolves฀as฀well,฀or฀eventually฀is฀ replaced.฀ ฀ Once฀the฀environment฀evolves฀into฀a฀heterogeneous฀environment฀of฀mainframe,฀client/server,฀and฀other฀technology,฀the฀ integration฀will฀mirror฀the฀macro฀business฀processes฀associated฀ with฀the฀capabilities฀of฀the฀application฀packages฀on฀each฀platform.฀ Let’s฀consider฀what฀happens฀to฀our฀mainframe฀shop฀when฀the฀ business฀decides฀to฀replace฀the฀customer฀maintenance฀and฀credit฀ management฀functions฀with฀a฀package฀to฀allow฀consolidation฀of฀the฀ customer฀and฀credit฀maintenance฀business฀processes฀across฀various฀divisions.฀ ฀ Consider฀that฀the฀macro฀business฀process฀was฀that฀the฀consolidated฀customer฀operations฀group฀would฀be฀responsible฀for฀initially฀ setting฀up฀all฀customers,฀and฀that฀no฀orders฀could฀be฀placed฀by฀ any฀of฀the฀divisional฀entities฀until฀that฀customer฀was฀established฀ in฀the฀system฀and฀the฀credit฀department฀could฀determine฀an฀appropriate฀credit฀line฀based฀on฀the฀terms฀and฀credit฀worthiness฀of฀ the฀customer.฀As฀such,฀the฀IT฀department฀determined฀that฀the฀new฀ client/server฀CRM฀suite฀would฀be฀the฀master฀of฀the฀customer฀data,฀ and฀a฀batch฀interface฀to฀the฀mainframe฀order฀entry฀system฀was฀constructed฀to฀populate/update฀the฀system฀with฀the฀latest฀information.฀ The฀IT฀interface฀matched฀the฀macro฀business฀process,฀with฀a฀formal฀ document,฀the฀interface฀between฀systems฀of฀the฀customer฀master,฀ being฀passed฀between฀the฀credit฀department฀and฀the฀order฀processing฀department฀nightly.฀ ฀ Of฀course,฀then฀another฀interface฀is฀written฀to฀a฀reporting฀system฀to฀ provide฀management฀reports,฀and฀another฀to฀reconcile฀the฀accounts฀ receivable,฀and฀another฀to฀update฀a฀sales฀force฀automation฀product,฀ and฀another฀to฀update฀the฀Web-based฀order฀status,฀and฀so฀on. ฀ But,฀besides฀the฀issue฀of฀interface฀proliferation,฀there’s฀another฀ issue฀associated฀with฀the฀granularity฀of฀the฀business฀process฀the฀ interface฀is฀supporting.฀The฀interface฀mirrors฀the฀business฀process;฀ however,฀it฀mirrors฀a฀very฀large฀course฀business฀process฀differentiation฀(order฀processing฀department฀versus฀the฀customer฀management฀ department).฀Let’s฀consider฀the฀impact฀of฀our฀division’s฀plans฀to฀offer฀ special฀promotional฀pricing฀based฀on฀total฀cross-divisional฀sales.฀ ฀ Our฀CRM฀system฀keeps฀track฀of฀total฀divisional฀sales;฀however,฀ that฀information฀wasn’t฀passed฀back฀to฀the฀mainframe฀in฀the฀interface฀so฀rather฀than฀waiting฀for฀IT฀to฀update฀the฀interface,฀our฀sales฀ team฀uses฀the฀standard฀desktop฀integration฀tool฀of฀choice฀since฀ PCs฀were฀introduced฀into฀the฀IT฀stack,฀a฀spreadsheet฀to฀pull฀the฀ information฀from฀the฀CRM,฀manipulate฀the฀order฀from฀the฀order฀ management฀system,฀and฀decide฀the฀correct฀discount.฀ ฀ Like฀it฀or฀not,฀the฀lack฀of฀agility฀and฀flexibility฀in฀IT฀systems฀ and฀the฀associated฀integration฀has฀created฀a฀whole฀secondary฀ market฀of฀PC-based฀integration฀needs฀and฀techniques.฀Mainframe฀terminal฀emulators฀have฀scripting฀languages฀to฀pull฀information฀off฀the฀mainframe฀to฀the฀client,฀client/server฀systems฀ have฀the฀ability฀to฀export฀reports฀locally,฀and฀desktop฀tools฀to฀ manage,฀manipulate,฀and฀dissect฀these฀datasets฀have฀grown฀very฀ powerful.฀The฀user฀community฀in฀your฀organization฀has฀learned฀ how฀to฀integrate฀their฀business฀sub-processes฀without฀using฀IT฀ to฀achieve฀the฀flexibility฀and฀agility฀that฀the฀business฀requires.฀ Not฀an฀ideal฀solution,฀but฀workable,฀until฀the฀Internet฀came฀

www.WSJ2.com

along,฀and฀all฀of฀a฀sudden,฀customers฀didn’t฀expect฀to฀have฀to฀ deal฀with฀a฀person.฀The฀systems฀needed฀to฀be฀as฀smart,฀flexible,฀ and฀agile฀as฀your฀business฀users. ฀ The฀hope฀for฀SOA,฀therefore,฀isn’t฀just฀that฀it’s฀standards-based,฀ and฀therefore฀reusable.฀It’s฀also฀that฀the฀integration฀points฀into฀ the฀systems฀have฀to฀mirror฀the฀details฀of฀the฀business฀process.฀Too฀ coarse฀of฀a฀service฀definition฀and฀you฀have฀the฀same฀problems฀ with฀lack฀of฀flexibility฀and฀agility.฀Of฀course,฀if฀you฀define฀a฀too฀ finely฀grained฀service,฀most฀of฀the฀business฀process฀logic฀wrapped฀ up฀in฀your฀legacy฀assets฀will฀have฀to฀be฀recoded฀into฀the฀workflow฀ orchestrating฀these฀services.฀Therefore,฀the฀real฀hope฀for฀SOA฀to฀be฀ able฀to฀provide฀the฀agility฀and฀flexibility฀to฀the฀enterprise฀is฀defining฀services฀that฀mirror฀the฀business฀process฀at฀the฀correct฀level฀of฀ granularity,฀allowing฀for฀easy฀reusability฀to฀quickly฀compose฀supporting฀new฀business฀processes. ฀ The฀standard฀process฀of฀defining฀and฀documenting฀business฀ processes฀is฀a฀top-down฀analysis฀starting฀with฀the฀large฀macro-business฀process฀definition฀and฀iteratively฀breaking฀down฀the฀processes฀ step-by-step.฀For฀example,฀order฀management฀consists฀of฀entry,฀ change,฀inquiry,฀etc.฀Business฀process฀analysis฀isn’t฀a฀new฀discipline;฀however,฀it’s฀a฀long฀and฀expensive฀process.฀Often,฀by฀the฀time฀ the฀business฀processes฀are฀fully฀identified฀and฀documented,฀the฀ business฀itself฀has฀changed.฀And฀all฀too฀frequently,฀as฀the฀process฀ becomes฀more฀detailed,฀the฀analysis฀stops฀–฀and฀in฀the฀world฀of฀ SOA,฀where฀getting฀the฀micro-process฀details฀right฀is฀essential,฀ taking฀business฀process฀analysis฀down฀to฀the฀details฀is฀an฀absolute฀ necessity.

Figure฀1

Figure฀2

June฀2006฀฀31฀฀

BPD

In the world of SOA, where getting the micro-process details right is essential, taking business process analysis down to the details is an absolute necessity ฀ Business฀process฀discovery฀(BPD)฀is฀an฀emerging฀field฀of฀tools฀and฀ methodologies฀that฀allow฀for฀a฀bottoms-up฀approach฀to฀business฀ process฀analysis.฀Rather฀than฀starting฀with฀a฀top-down฀coursegrained฀to฀finer-grained฀approach,฀BPD฀examines฀the฀current฀work฀ processes฀starting฀with฀the฀details,฀and฀builds฀up฀a฀picture฀of฀the฀ business฀process฀based฀on฀the฀actual฀evidence฀of฀the฀work฀being฀ done.฀ ฀ The฀allure฀of฀BPD฀is฀to฀very฀quickly฀discover,฀detail,฀and฀document฀localized฀business฀processes฀to฀enable฀the฀definition฀and฀construction฀of฀SOA฀services.฀Rather฀than฀waiting฀for฀a฀long,฀expensive฀ top-down฀analysis,฀BPD฀can฀very฀quickly฀provide฀the฀evidence฀required฀to฀make฀intelligent฀decisions฀on฀the฀granularity฀of฀a฀service฀ in฀the฀context฀of฀the฀supporting฀business฀process.฀ ฀ BPD฀is฀not฀only฀quicker;฀it฀also฀produces฀a฀higher-quality฀business฀process฀description.฀The฀traditional฀top-down฀approach฀ makes฀process฀assumptions฀based฀on฀interviews฀with฀business฀ process฀experts.฀However,฀no฀matter฀how฀skilled฀the฀expert,฀and฀ how฀good฀the฀BPA฀methodology,฀there฀is฀often฀a฀great฀deal฀of฀error฀ associated฀with฀the฀process,฀both฀in฀terms฀of฀omission฀of฀process฀ details฀and฀exceptions,฀as฀well฀as฀misunderstanding฀the฀process฀ nuances฀executed฀by฀different฀business฀groups.฀ ฀ Flaws฀in฀business฀process฀details฀become฀critical฀in฀the฀context฀of฀ creating฀a฀service฀that฀mirrors฀the฀detailed฀business฀process.฀Interestingly,฀the฀standard฀method฀to฀resolve฀these฀unforeseen฀situations฀ is฀to฀do฀a฀variant฀of฀BPD,฀which฀in฀standard฀software฀development฀ would฀be฀called฀testing.฀Long฀arduous฀testing฀cycles฀are฀the฀standard฀ pre-requisite฀to฀any฀major฀systems฀project,฀and฀perform฀the฀role฀of฀

BPD,฀after฀the฀system฀has฀been฀designed฀and฀built,฀to฀find฀all฀of฀the฀ details฀forgotten฀in฀the฀design฀process.฀While฀effective,฀this฀slow฀afterthe-fact฀process฀seems฀to฀limit฀the฀promise฀of฀finally฀providing฀the฀ agility฀and฀flexibility฀in฀IT฀the฀business฀requires. ฀ SOA฀brings฀the฀promise฀of฀IT฀agility฀through฀existing฀system฀and฀ interface฀reuse฀if฀the฀services฀are฀defined฀appropriately.฀Defining฀ what฀an฀appropriate฀business฀process฀is฀to฀encapsulate฀as฀a฀service฀ is฀the฀key฀to฀SOA฀success.฀Either฀too฀fine฀a฀grain,฀or฀too฀course,฀will฀ result฀in฀continued฀investment฀in฀the฀service,฀at฀best฀re-versioning฀ the฀service,฀at฀worst,฀non-reusable฀service฀proliferation.฀ Business฀process฀analysis฀tools฀and฀methodologies฀provide฀an฀ excellent฀top-down฀analysis฀to฀put฀business฀processes฀into฀context.฀ However,฀they฀are฀poor฀at฀deriving฀the฀details฀of฀a฀business฀process.฀ Business฀process฀discovery฀tools฀excel฀at฀discovering฀the฀details฀of฀ a฀business฀process฀from฀real฀business฀use.฀Applying฀both฀of฀these฀ tools฀together฀can฀quickly฀provide฀a฀business฀process฀map,฀complete฀with฀details,฀allowing฀your฀services฀to฀finally฀meet฀the฀needs฀ of฀the฀business,฀providing฀a฀quick,฀agile฀IT฀architecture฀to฀meet฀the฀ ever-evolving฀needs฀of฀every฀business.฀฀ About฀the฀Author As฀president฀and฀chief฀technology฀officer,฀Stuart฀Burris฀is฀responsible฀for฀the฀overall฀management฀of฀OpenConnect฀as฀well฀as฀its฀technology฀vision฀and฀strategy.฀Stuart฀joined฀OpenConnect฀ in฀1990฀and฀has฀held฀a฀variety฀of฀research฀and฀product฀development฀roles,฀most฀recently฀as฀ vice-president,฀research฀and฀development.฀During฀his฀tenure฀at฀OpenConnect,฀he฀has฀been฀ instrumental฀in฀the฀development฀of฀the฀architecture฀for฀the฀company’s฀industry฀leading฀mainframe-to-Web฀products฀used฀by฀thousands฀of฀companies฀worldwide.

SOA฀—continued฀from฀page฀50 dling,฀and฀process฀decomposition,฀including฀service฀and฀process฀reuse.฀ ฀ Orchestrations฀may฀span฀a฀few฀internal฀ systems,฀systems฀between฀organizations,฀or฀ both.฀Moreover,฀orchestrations฀are฀long-running,฀multi-step฀transactions,฀almost฀always฀ controlled฀by฀one฀business฀party,฀and฀are฀ loosely฀coupled฀and฀asynchronous฀in฀nature. ฀ We฀can฀consider฀orchestration฀as฀really฀ another฀complete฀layer฀over฀abstract฀services,฀ per฀our฀architecture.฀Orchestration฀encapsulates฀these฀integration฀points,฀binding฀them฀ together฀to฀form฀higher-level฀processes฀and฀ composite฀services.฀Indeed,฀orchestrations฀ themselves฀should฀become฀services.฀ ฀ Orchestration฀is฀a฀necessity฀if฀you’re฀ building฀an฀SOA,฀intra-฀or฀interorganization.฀It’s฀the฀layer฀that฀creates฀business฀ solutions฀from฀the฀vast฀array฀of฀abstract฀ services,฀and฀from฀information฀flows฀found฀ in฀new฀and฀existing฀systems.฀Orchestration฀ is฀a฀god-like฀control฀mechanism฀that’s฀able฀ to฀put฀our฀SOA฀to฀work,฀as฀well฀as฀provide฀a฀ 32฀฀June฀2006

point฀of฀control.฀Orchestration฀layers฀allow฀ you฀to฀change฀the฀way฀your฀business฀functions,฀as฀needed,฀to฀define฀or฀redefine฀any฀ business฀process฀on-the-fly.฀This฀provides฀ the฀business฀with฀the฀flexibility฀and฀agility฀ needed฀to฀compete฀today. ฀ Orchestration฀must฀provide฀dynamic,฀ flexible,฀and฀adaptable฀mechanisms฀to฀meet฀ the฀changing฀needs฀of฀the฀domain.฀This฀is฀accomplished฀through฀the฀separation฀of฀process฀ logic฀and฀the฀abstract฀services฀employed.฀The฀ loosely฀coupled฀nature฀of฀orchestration฀is฀key,฀ since฀there฀are฀no฀requirements฀for฀all฀services฀to฀be฀up-and-running฀at฀the฀same฀time฀ in฀order฀for฀orchestrations฀to฀run.฀This฀is฀also฀ essential฀for฀long-running฀transactions.฀Also,฀ as฀services฀change฀over฀time,฀there฀is฀typically฀ no฀need฀to฀alter฀the฀orchestration฀layer฀to฀ accommodate฀the฀changes,฀at฀least฀not฀if฀they฀ are฀architected฀properly.฀

Interface ฀ The฀purpose฀of฀the฀interface฀layer฀is฀

to฀take฀services฀–฀core,฀abstract,฀or฀those฀ exposed฀through฀orchestration฀–฀to฀human฀ beings.฀Within฀this฀architecture,฀the฀user฀ interface฀communicates฀directly฀with฀these฀ services฀through฀its฀asynchronous฀mechanisms,฀and฀exposes฀the฀information฀or฀ behavior฀to฀the฀user. ฀ Within฀the฀interface฀layers,฀SOA฀developers฀can฀mix฀and฀match฀services฀and฀information฀and฀bind฀them฀to฀a฀dynamic฀interface฀ in฀a฀way฀that฀makes฀sense฀for฀the฀end฀user.฀ For฀instance,฀you฀may฀take฀an฀abstracted฀ data฀service฀to฀populate฀a฀customer฀list,฀and฀ a฀risk฀service฀to฀process฀against฀that฀list,฀and฀ another฀abstract฀data฀service฀to฀place฀the฀ information฀back฀into฀a฀data฀store.฀฀฀฀ ฀ About฀the฀Author David฀S.฀Linthicum฀is฀the฀president฀and฀CEO฀of฀BRIDGEWERX,฀ and฀the฀author฀of฀several฀books฀on฀application฀integration฀ and฀service-oriented฀architecture,฀and฀the฀host฀of฀the฀SOA฀ Expert฀Podcast.฀ [email protected] www.WSJ2.com

INTEGRATION

Leveraging฀gSOAP฀for฀ Legacy฀Systems฀Integration The฀SOA฀revolution฀progresses WRITTEN฀BY฀JAMES฀CAPLE

฀฀The฀world฀was฀about฀to฀change,฀argued฀Don฀Box฀of฀DevelopMentor฀when฀he฀ extolled฀the฀virtues฀of฀SOAP,฀the฀Simple฀Object฀Access฀Protocol,฀at฀the฀2001฀USENIX฀ Conference฀on฀Object-Oriented฀Technologies฀and฀Systems฀(COOTS).฀

L

istening฀to฀Box฀discuss฀the฀impending฀ demise฀of฀Visual฀Basic฀–฀at฀least฀as฀it฀ was฀known฀at฀the฀time฀–฀and฀DCOM฀ due฀to฀the฀emergence฀of฀.NET฀and฀the฀Common฀Language฀Runtime฀(CLR),฀as฀well฀as฀ animated฀discussions฀of฀a฀burgeoning฀new฀ SOAP฀specification,฀was฀my฀introduction฀ to฀the฀Service฀Oriented฀Architecture฀(SOA)฀ Revolution.฀Of฀course฀distributed฀computing฀was฀nothing฀new,฀but฀certainly฀the฀scale฀ and฀universality฀of฀the฀paradigm฀was฀set฀to฀ explode฀–฀or฀so฀it฀seemed.฀ ฀ Since฀this฀conference,฀slowly฀but฀surely,฀ much฀of฀what฀Box฀prognosticated฀has฀come฀ to฀pass,฀albeit฀not฀as฀swiftly฀or฀universally฀ as฀initially฀indicated.฀Microsoft฀.NET฀has฀ not฀exactly฀taken฀the฀Web฀Services฀World฀ by฀storm฀(or฀HailStorm฀for฀that฀matter),฀but฀ Web฀Services฀in฀general฀are฀making฀serious฀ inroads฀nonetheless.

The฀SOA฀Revolution ฀ The฀SOA฀paradigm฀is฀revolutionary฀because฀it฀has฀changed฀our฀view฀of฀distributed฀ components.฀More฀and฀more฀all฀kinds฀of฀ organizations฀are฀thinking฀about฀how฀to฀ design฀and฀build฀systems฀and฀APIs฀that฀are฀ self-describing฀and฀easily฀used฀by฀other฀systems฀elsewhere฀in฀the฀universal฀federation฀ of฀globally฀accessible฀software฀components.฀ Today,฀in฀fact,฀a฀grassroots฀movement฀is฀ afoot฀that฀seeks฀to฀build฀new฀and฀interesting฀applications฀out฀of฀public฀Web฀Services฀ that฀are฀known฀as฀mashups.฀Mashups฀are฀ of฀great฀interest฀because฀of฀the฀relative฀ simplicity฀and฀agility฀with฀which฀complex฀ functionality฀can฀be฀built฀using฀well-known฀ tools฀and฀technologies฀like฀SOAP,฀Really฀

34฀฀June฀2006

Simple฀Syndication฀(RSS),฀JavaScript,฀and฀ XML.฀Deriving฀complex฀functionality,฀ simply,฀is฀a฀recipe฀for฀widespread฀adoption฀ and฀involvement.฀In฀essence,฀this฀grassroots฀ mashup฀movement฀is฀giving฀rise฀to฀patterns฀ and฀technologies฀that฀can฀be฀employed฀in฀ the฀enterprise฀to฀solve฀existing฀problems฀ associated฀with฀(agile)฀external,฀as฀well฀as฀ internal,฀data฀integration.฀ ฀ It฀seems฀much฀of฀the฀focus฀today฀with฀ regard฀to฀SOA฀is฀on฀developing฀outwardly฀ looking฀APIs฀for฀external฀consumers฀of฀an฀ application’s฀data฀and฀functionality฀(i.e.,฀ solving฀problems฀associated฀with฀extra-organizational฀data฀integration).฀For฀example,฀ a฀lot฀of฀buzz฀has฀been฀generated฀by฀Representational฀State฀Transfer฀(REST)฀–฀and฀ SOAP-based฀APIs฀made฀available฀by฀large฀ commercial฀Web฀applications฀such฀as฀eBay,฀ Google,฀Craigslist,฀and฀Yahoo,฀which฀are฀ exposed฀so฀hackers฀around฀the฀world฀can฀ create฀fanciful฀new฀mashups฀–฀and฀more฀ market฀interest฀and฀brand฀awareness฀in฀ the฀company฀exposing฀the฀interesting฀new฀ functionality.฀ ฀ Technologists฀and฀average฀users฀alike฀ are฀intrigued฀to฀see฀what฀interesting฀new฀

software฀and฀eye-candy฀can฀be฀built฀out฀of฀ the฀Web-based฀building฀blocks฀emerging฀on฀ the฀Internet฀today฀(e.g.,฀Google฀Maps).฀ This฀is฀the฀sexy฀side฀of฀SOA,฀(which฀is฀arguably฀most฀useful฀for฀selling฀ads).฀ ฀ The฀not-so-sexy฀side฀of฀SOA฀means฀addressing฀the฀problems฀associated฀with฀the฀ legacy฀software฀behind฀the฀average฀enterprise฀firewall฀that฀wasn’t฀initially฀designed฀ to฀share฀data฀with฀new฀and฀future฀software฀ applications.฀It’s,฀ironically,฀this฀not-sosexy฀side฀of฀SOA฀that฀may฀offer฀the฀average฀ enterprise฀the฀best฀return฀on฀investment฀ (ROI),฀especially฀when฀patterns฀and฀technologies฀from฀the฀sexy฀side฀are฀employed. ฀ So฀without฀further฀ado฀the฀remainder฀ of฀this฀article฀will฀focus฀on฀the฀dark฀side฀ of฀SOA:฀integrating฀new฀software฀applications฀with฀legacy฀software.฀In฀particular,฀ this฀article฀will฀discuss฀the฀use฀of฀the฀gSOAP฀ framework฀to฀SOAP-enable฀legacy฀C/C++฀ applications฀so฀legacy฀systems฀can฀be฀ turned฀into฀Web-enabled฀APIs,฀accessible฀ by฀SOAP-based฀interfaces฀for฀easy฀internal฀ and/or฀external฀integration฀with฀existing,฀as฀ well฀as฀future,฀systems.฀ ฀ As฀with฀the฀sexy฀side฀of฀SOA,฀agility฀and฀ simplicity฀are฀key฀components฀of฀a฀successful฀data฀integration฀strategy.฀Lack฀of฀these฀ ingredients฀may฀not฀prevent฀a฀working฀ short-term฀solution,฀but฀may฀very฀well฀ contribute฀to฀these฀system฀parts฀becoming฀more฀and฀more฀isolated฀and฀eventually฀ abandoned฀over฀time.

Agility฀&฀Simplicity฀as฀Key฀ Integration฀Ingredients ฀ Successful฀well-baked฀software฀has฀just฀ as฀many฀technical฀ingredients฀in฀it฀as฀nontechnical.฀Some฀might฀say฀the฀non-technical฀ingredients฀are฀the฀most฀important;฀they฀ are฀to฀software฀what฀yeast฀is฀to฀bread.฀Nontechnical฀ingredients฀are฀the฀intangibles฀ such฀as฀software฀team฀dynamics,฀flat฀orga-

www.WSJ2.com

nizational฀hierarchies,฀agile฀development฀ methodologies,฀good,฀simple฀tools,฀and฀ the฀encouragement฀of฀the฀hacker฀culture.฀ So฀what฀exactly฀makes฀a฀tool฀or฀framework฀ agile฀or฀simple,฀and฀what฀does฀this฀have฀to฀ do฀with฀gSOAP฀and฀the฀SOA฀Revolution? ฀ Agility฀and฀simplicity฀are฀the฀raison฀ d’être฀behind฀technologies฀like฀SOAP.฀The฀ Common฀Object฀Request฀Broker฀Architecture฀(CORBA)฀and฀Java’s฀Remote฀Method฀ Invocation฀(RMI),฀for฀example,฀are฀arguably฀ not฀agile฀or฀simple฀frameworks฀comparatively฀speaking฀for฀solving฀interoperability฀ problems;฀they’re฀rather฀complex฀to฀build฀ with฀and฀unwieldy฀to฀deploy.฀RMI฀facilitates฀ distributed฀computing,฀but฀only฀among฀ homogeneous฀Java฀components.฀CORBA฀ opens฀up฀distributed฀computing฀to฀a฀wider฀ array฀of฀objects฀written฀in฀other฀programming฀languages,฀but฀neither฀can฀scale฀to฀the฀ level฀of฀HTTP฀and฀SOAP.฀What฀the฀early฀SOA฀ revolutionaries฀realized฀is฀that฀most฀organizations฀run฀a฀Web฀server,฀and฀many฀use฀the฀ default฀port฀80฀with฀firewall฀provisions฀for฀ external฀access฀to฀this฀port.฀They฀also฀realized฀that฀there฀was฀a฀large฀Web฀developer฀ community฀that฀understood฀Web฀servers฀ and฀the฀Hypertext฀Transfer฀Protocol฀(HTTP)฀ and฀XML.฀Long-term฀ROI฀from฀the฀tech-

nologies฀used฀is฀closely฀tied฀to฀grassroots฀ developer฀acceptance฀of฀a฀given฀technology฀ today.฀HTTP,฀unlike฀the฀Internet฀Inter-Orb฀ Protocol฀(IIOP)฀employed฀by฀both฀RMI฀and฀ CORBA,฀offers฀ubiquity฀in฀terms฀of฀use฀and฀ infrastructure.฀It’s฀lightweight฀and฀easy฀ to฀understand.฀HTTP฀is฀an฀agile,฀simple฀ protocol.฀SOAP฀piggybacks฀on฀top฀of฀HTTP฀ making฀it฀an฀agile฀cousin.฀Agile,฀simple฀ tools฀and฀technologies,฀therefore,฀provide฀ greater฀ROI฀than฀their฀less฀agile,฀more฀complicated฀counterparts฀primarily฀because฀of฀ such฀things฀as฀application฀maintenance,฀ the฀implementation฀time฀due฀to฀simplicity฀and฀documentation,฀the฀universality฀of฀ acceptance฀and฀adherence฀to฀standards,฀ scalability,฀etc.฀Intangibles฀such฀as฀agility฀ and฀simplicity฀have฀nothing฀and฀everything฀ to฀do฀with฀SOAP,฀the฀SOA฀Revolution,฀and฀ gSOAP.

What฀is฀gSOAP? ฀ gSOAP฀is฀an฀Open฀Source฀(General฀Public฀ License)฀SOAP-based฀framework฀that฀ facilitates฀the฀generation฀of฀SOAP฀client฀and฀ server฀code฀from฀Web฀Services฀Description฀ Language฀(WSDL)฀files.฀Existing฀C/C++฀ header฀files฀can฀also฀be฀used฀to฀generate฀ WSDL฀files.฀It฀provides฀native฀and฀user-

defined฀C฀and฀C++฀bindings฀to฀XML฀and฀ vice฀versa.฀The฀current฀version฀of฀gSOAP฀is฀ 2.7.7.฀Target฀platforms฀include฀MS฀Windows฀ (Win32,฀Cygwin,฀and฀MS-DOS),฀Linux฀(Red฀ Hat฀and฀SuSE),฀Unix฀(Solaris,฀HP-UX,฀FreeBSD,฀TRU64,฀Irix,฀QNX,฀and฀AIX),฀Mac฀OS฀X,฀ VxWorks,฀WinCE,฀Palm฀OS,฀and฀Symbian.฀ The฀gSOAP฀framework฀is฀supported฀and฀ maintained฀by฀Genivia,฀a฀company฀founded฀ by฀Robert฀A.฀van฀Engelen,฀an฀associate฀ professor฀of฀computer฀science฀at฀the฀Florida฀ State฀University.฀There฀are฀a฀number฀of฀ SOAP-based฀frameworks฀to฀choose฀from฀ these฀days,฀but฀gSOAP฀is฀one฀of฀the฀most฀ performant.฀In฀sum,฀gSOAP฀is฀a฀lightweight฀ framework฀easily฀employed฀to฀create฀Web฀ Services฀from฀C/C++฀components.

A฀Quick฀Introduction ฀ The฀gSOAP฀distribution฀comes฀with฀many฀ sample฀programs฀that฀should฀be฀sufficient฀ to฀get฀up฀and฀running฀with฀the฀framework฀ relatively฀quickly.฀For฀clarification฀relative฀ to฀this฀discussion,฀however,฀a฀quick฀tutorial฀ for฀writing฀a฀Hello฀World฀C++฀SOAP฀service฀ is฀presented.฀This฀brief฀example฀presents฀ the฀fundamental฀elements฀required฀for฀ Web-enabling฀legacy฀system฀functions฀written฀in฀C/C++฀libraries฀using฀gSOAP.

The New and Improved:

Now Including…

BPEL4WS 1.1 WS-BPEL 2.0 to Ten Things Your EII Ve nd May Not Te or ll You

Business Pr oc Orchestratio ess n

• Real-World Web Services: XML’s Killer App! • How to Use SOAP in the Enterprise • Demystifying ebXML for success • Authentication, Authorization, and Auditing • BPM - Business Process Management • Latest information on Evolving Standards • Vital technology insights from the nation’s leading Technologists • Industry Case Studies and Success Stories • Making the Most of .NET

• Web Services Security • How to Develop and Market Your Web Services • EAI and Application Integration Tips • The Marketplace: Tools, Engines, and Servers • Integrating XML in a Web Services Environment • Wireless: Enable Your WAP Projects and Build Wireless Applilcations with Web Services! • Real-World UDDI • Swing-Compliant Web Services • and much, much more!

www.WSJ2.com or 1-888-303-5252 OFFER SUBJECT TO CHANGE WITHOUT NOTICE.

www.WSJ2.com

June฀2006฀฀35฀฀

INTEGRATION

The not-so-sexy side of SOA means addressing the problems associated with the legacy software behind the average enterprise firewall... A฀Hello฀World฀gSOAP฀Server ฀ The฀first฀step฀when฀writing฀a฀Web฀Service฀ is฀to฀think฀about฀the฀functionality฀you฀want฀ to฀expose฀to฀the฀world.฀In฀this฀case,฀our฀ simple฀Hello฀World฀function฀will฀be฀called฀ shareLegacyData().฀This฀will฀be฀the฀entry฀ point฀of฀our฀SOAP฀endpoint.฀This฀function฀ will฀in฀turn฀call฀a฀function฀in฀an฀existing฀ static฀C++฀library฀and฀will฀return฀the฀results฀ of฀the฀library฀call.฀Listing฀1฀has฀the฀C++฀code฀ for฀the฀gSOAP฀server฀example. ฀ Once฀compiled,฀this฀server฀can฀be฀run฀as฀ a฀Common฀Gateway฀Interface฀(CGI)฀script฀ in฀Apache฀or฀IIS฀by฀putting฀the฀resulting฀ binary฀in฀the฀cgi-bin฀directory฀of฀your฀Web฀ server฀as฀a฀quick฀way฀of฀getting฀a฀gSOAP฀ server฀up฀and฀running.฀But฀CGI-based฀ gSOAP฀servers฀aren’t฀the฀only฀option.฀While฀ it’s฀beyond฀the฀scope฀of฀this฀article฀to฀ discuss฀gSOAP฀servers฀in฀depth,฀it’s฀worth฀ noting฀the฀various฀server฀options: 1.฀Servers฀can฀be฀a฀CGI฀program฀(as฀just฀ demonstrated). 2.฀Servers฀can฀be฀a฀CGI฀program฀using฀ FastCGI฀or฀with฀the฀Apache฀mod_gsoap฀ module. 3.฀Use฀the฀gSOAP฀framework฀to฀write฀your฀ own฀multi-threaded฀standalone฀server฀ using฀pthreads. ฀ The฀server฀method฀you฀choose฀is฀completely฀up฀to฀you.฀Obviously฀there฀are฀pros฀ and฀cons฀associated฀with฀each.฀Compiling฀ your฀server฀as฀a฀simple฀CGI฀is฀probably฀ the฀easiest฀route฀when฀getting฀used฀to฀the฀ framework.฀Production฀gSOAP฀servers฀ should฀probably฀employ฀the฀second฀or฀third฀ option฀because฀of฀the฀inherent฀inefficiencies฀associated฀with฀CGI. ฀ One฀key฀aspect฀of฀this฀simple฀example฀ is฀the฀somewhat฀subtle฀integration฀of฀ the฀SimpleLibrary฀class.฀This฀library฀can฀ be฀compiled฀as฀a฀static฀or฀shared฀C++฀ library.฀If฀compiled฀as฀a฀static฀library,฀ using฀this฀library฀in฀our฀example฀server฀ class฀is฀straightforward฀when฀deploying฀ the฀Web฀Service฀as฀a฀CGI฀server.฀Once฀ compiled,฀the฀functions฀in฀the฀static฀SimpleLibrary฀class฀get฀baked฀into฀the฀end฀ product฀–฀article.cgi฀–฀which฀requires฀no฀ additional฀environmental฀configuration฀ as฀in฀Listing฀1. 36฀฀June฀2006

฀ If฀SimpleLibrary฀is฀compiled฀as฀a฀shared฀ library฀(*.so),฀however,฀the฀SimpleLibrary. so฀shared฀library฀contains฀functionality฀ external฀to฀article.cgi฀(not฀baked฀in),฀and฀ must฀therefore฀be฀properly฀referenced฀at฀ runtime฀using฀environment฀configurations฀like฀LD_LIBRARY_PATH,฀or฀otherwise฀ making฀sure฀gSOAP฀Server฀can฀find฀the฀ required฀shared฀libraries.฀As฀a฀result,฀to฀run฀ article.cgi฀in฀Apache฀using฀libSimpleLibrary.so,฀for฀example,฀one฀could฀configure฀ Apache฀by฀adding฀the฀following฀line฀to฀ httpd.conf: httpd.conf Configuration SetEnv LD_LIBRARY_PATH /full/path/to/shared/lib

You฀could฀also฀copy฀libSimpleLibrary.so฀to฀ /usr/lib,฀for฀example,฀to฀ensure฀the฀library฀is฀ found฀for฀use฀at฀runtime.

A฀Hello฀World฀gSOAP฀Client ฀ For฀our฀example,฀the฀supporting฀WSDL฀ is฀generated฀from฀the฀header฀file฀(Server.h),฀ which฀is฀used฀to฀generate฀the฀supporting฀ SOAP฀server฀code฀using฀the฀soapcpp2฀utility.฀If฀you฀have฀an฀existing฀WSDL,฀C++฀client-side฀code฀is฀easily฀generated฀using฀the฀ wsdl2h฀utility.฀It’s฀also฀possible฀to฀generate฀ SOAP฀client฀code฀automatically฀from฀WSDL฀ files฀using฀other฀toolkits.฀For฀example,฀the฀ wscompile฀utility฀in฀the฀Java฀JaxRPC฀module฀ of฀the฀WSDP฀2.0฀toolkit฀can฀be฀used฀to฀generate฀a฀Java฀JaxRPC฀client฀for฀a฀gSOAP฀Web฀ Service. Server.h //gsoap ns1 service location: http://192.168.0.2/cgibin/article.cgi int ns1__shareLegacyData(char *&resp);

฀ The฀//gsoap฀directive฀in฀the฀header฀ file฀can฀be฀used฀to฀specify,฀among฀other฀ things,฀a฀SOAP฀endpoint฀when฀not฀explicitly฀supplied฀to฀the฀client฀application.฀ The฀client฀C++฀source฀code฀listing฀is฀in฀ Listing฀2 ฀ And฀last฀but฀not฀least,฀in฀Listing฀3฀there’s฀ a฀simple฀Makefile฀that฀can฀be฀used฀to:฀ 1.฀Generate฀the฀necessary฀stub/skeleton฀ code฀from฀the฀header฀file;฀

2.฀Compile฀the฀example฀legacy฀library฀code;฀ 3.฀Compile฀the฀server฀example฀and฀ 4.฀Compile฀the฀client฀example. ฀ In฀summary,฀this฀simple฀Hello฀World฀ example฀has฀demonstrated฀the฀fundamentals฀of฀building฀and฀deploying฀a฀complete฀ end-to-end฀Web฀Service฀using฀gSOAP฀–฀one฀ that฀makes฀functions฀defined฀in฀external฀ C/C++฀libraries฀accessible฀throughout฀the฀ Web฀Services฀universe฀using฀HTTP.฀So฀this฀ example฀can฀be฀used฀as฀a฀template฀for฀more฀ sophisticated฀legacy฀systems฀integration฀ using฀gSOAP.

Conclusion ฀ The฀successful฀use฀of฀gSOAP฀for฀solving฀problems฀associated฀with฀integrating฀ internal฀legacy฀application฀code฀with฀new฀ software฀modules,฀using฀the฀patterns฀and฀ techniques฀described฀above,฀makes฀certain฀ key฀assumptions:฀ 1.฀Legacy฀system฀application฀code฀is฀written฀ in฀C/C++฀and฀ 2.฀The฀legacy฀functions฀that฀need฀exposing฀ will฀ideally฀already฀be฀available฀in฀static฀or฀ shared฀C/C++฀libraries.฀ ฀ These฀assumptions฀don’t฀invariably฀apply฀ to฀all฀situations,฀but฀will฀undoubtedly฀apply฀ to฀some,฀in฀which฀case฀the฀lessons฀shared฀ in฀this฀article฀may฀prove฀helpful.฀Once฀employed,฀however,฀the฀resulting฀Web฀Services฀ will฀be฀universally฀accessible฀and฀usable฀for฀ years฀to฀come. ฀ As฀the฀SOA฀revolution฀progresses,฀slowly฀ but฀surely,฀it’s฀becoming฀more฀and฀more฀ evident฀how฀SOA฀can฀be฀leveraged฀to฀create฀complex฀new฀functionality฀quickly฀by฀ mixing฀and฀mashing฀Web฀components฀from฀ around฀the฀Web฀Services฀universe,฀as฀well฀ as฀to฀breathe฀new฀life฀into฀legacy฀systems฀ code.฀Frameworks฀such฀as฀gSOAP฀are฀powerful,฀cost-effective฀tools฀in฀facilitating฀the฀ development฀of฀Web฀Service฀APIs฀intended฀ for฀both฀internal฀and฀external฀consumption.฀ Long฀live฀the฀revolution!฀฀ About฀The฀Author James฀Caple฀is฀a฀systems฀engineer฀with฀Northrop฀Grumman. www.WSJ2.com

Listing฀1:฀Server.cpp #include “soapH.h” /* include generated proxy and SOAP support */ #include “ns1.nsmap” #include “SimpleLibrary.h” int main() { soap_serve(soap_new()); } int ns1__shareLegacyData(struct soap *soap, char *&resp) { SimpleLibrary simple; /* Library containing legacy functions */ resp = simple.sayHello(); return SOAP_OK; }

฀ ฀ Listing฀2:฀SimpleLibrary.h class SimpleLibrary { public: SimpleLibrary(); ~SimpleLibrary(); char * sayHello(); };

SimpleLibrary.cpp

/** ** This is a simple library example that can be ** compiled as either a static (.a) or shared (.so) ** library. **/ #include “SimpleLibrary.h” /** * A simple C++ constructor */ SimpleLibrary::SimpleLibrary() { } /** * A simple C++ deconstructor */ SimpleLibrary::~SimpleLibrary() { } /** * A simple library API, whose functionality will be exposed * as a Web Service. */ char * SimpleLibrary::sayHello()

www.WSJ2.com

{ }

return “Hello World”;

฀ ฀ Listing฀3:฀Client.cpp #include “soapH.h” // obtain the generated stub #include “ns1.nsmap” // obtain the namespace mapping table int main() { struct soap soap; // gSOAP runtime environment char *resp; soap_init(&soap); // initialize runtime environment (only once) if (soap_call_ns1__shareLegacyData(&soap, NULL, NULL, resp) == SOAP_OK) std::cout