This Presentation Courtesy of the
International SOA Symposium
October 7-8, 2008 Amsterdam Arena
www.soasymposium.com
info@soasymposium.com
SOA Runtime Governance
Practices
Paul Butterworth
Chief Technology Officer
AmberPoint, Inc
October 2008
© 2008 AmberPoint, Inc.
Agenda
SOA Topologies
SOA Runtime Governance Practices
Discover
Manage Service Quality
Manage Business Transactions
Prepare for greater scale
Validate changes
Based on experiences with ~200 users
firewall
Typical Service Network Topology
Shared
Services External
Services
Order Entry
Accounting
Partner
Internal
Services
Credit
Services not
applications
Shared
Dynamic
Federated
Typical Service Network Infrastructure
Java
Service
Mainframe
Application
Web
Service
DBMS
Biz
Application
Biz
Application
Network
Service Bus
Appliance
In all but the newest of environments, “SOA” ≠ “Just Web Services & XML”
Keys to Successful Governance and Management
of SOA Applications
Continuous SOA Discovery
Service Management &
Security
Keys to Successful Governance and Management
of SOA Applications
Business System Validation
Closed Loop Governance
Continuous SOA Discovery
Service Management &
Security
Business Transaction
Management
Business
Architects & Development
Operations
Agenda
SOA Topologies
SOA Runtime Governance Practices
Discover
Manage Service Quality
Manage Business Transactions
Prepare for greater scale
Validate changes
Based on experiences with ~200 users
Messaging
Discovery and Application Mapping
Dynamic Discovery of your SOA
environment…
Application Flow & Transactions
Dependencies
Services
Consumers
Runtime Policies & Metadata
…across Heterogeneous
Infrastructure
Containers
ESBs & Process Engines
Appliances
Registries / Repositories
No application, message or
header modifications
Closes the loop with design time
governance
A complete accounting of your SOA
application environment
Intended Design
Running Reality
Repositories
Service
Registries
Home-grown
Databases
Hybrid Discovery Model
Enterprise Service Bus
• Approved Services
• Intended Usage
• Policies
Runtime
Repository
Policies
Data / Results
service
contract
• Services (discovered, changes)
• Scorecard Information
• Policies (new, changes)
Discovers
Publishes
Publishes
Changes to services, endpoints and policies
Scorecard metrics – availability, performance, etc.
Dependencies
Detects discrepancy between intentions
(design/dev) and reality (runtime)
Design vs. Reality
Service Management
Xact Management
System Validation
Closed Loop Governance
Ensures Closed Loop Governance
Software
Development
Tools
Development
Tools
Repositories/
Registries
Home-grown
Databases
Detailed Metadata of Your SOA Environment
Operational Info:
When service was
discovered
Availability
Type of service
Type of container
Link to WSDL
Business Info:
Business owner
Division
Version
Etc.
Custom:
Chargeback info
Risk assessment
Links to URLs
Etc.
Operational Info
Business Info
Agenda
SOA Topologies
SOA Runtime Governance Practices
Discover
Manage Service Quality
Manage Business Transactions
Prepare for greater scale
Validate changes
Service Quality Management
Monitor Performance & Availability
Trends, thresholds, varying intervals, etc.
Isolate areas of interest
Recent additions
“Rogue” services
Problem areas
Specific application groups
Filters
Detail
Graphical View Table View
Monitor Security
Respond to anomalies
Service Level Management
Service- and Business-level Visibility
Service
View
Alerts
User
Summary
and
Objectives
Historical
Reporting
Enforce agreements based on business criteria
Flexible calendars, multiple objectives
Granular visibility – groups, users, services, operations
Preventative and corrective actions
Firewall
Identity
Management
Systems
Security
First- and Last-Mile Enforcement
First Mile Security
- Client-side agent
- Automatic
enforcement of out-
bound security
Last Mile Security
- Plug-ins provide endpoint
protection
- No ability to circumvent
Extensive Integration
- Identity Management
Systems
- Security Appliances
- App Server / ESB / OS
Security
<?xml version='1.0'?>
<PaymentInfo xmlns='http://example.org/paymentv2'>
  <Name>John Smith</Name>
  <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element'
                 xmlns='http://www.w3.org/2001/04/xmlenc#'>
    <CipherData>
      <CipherValue>A23B45C56</CipherValue>
    </CipherData>
  </EncryptedData>
</PaymentInfo>
Complete Policy
Library
- Authentication
- Authorization
- Credential Mapping
- Censorship
- Crypto
Agenda
SOA Topologies
SOA Runtime Governance Practices
Discover
Manage Service Quality
Manage Business Transactions
Prepare for greater scale
Validate changes
Business Transaction Management
Managing Individual Services is Not Enough
Real business value is associated
with complete, end-to-end
transactions
Order management
Claims processing
Sales lead qualification
On-line reservations
Common Issues...
No overall view into transaction
status
Minimal business visibility
Slow end-to-end response times
Transactions "disappear"
Business Impact
Internal fire drills and finger
pointing
Unhappy customers
Lost revenue
Process Engine Service Bus
End-to-End
Technical Challenges
Transactions flow through both
service and non-service based
components
Services
Applications
ESBs
Process Engines
Databases
Variety of architectures
Synchronous and asynchronous
messaging
Long running transactions – hours,
days, ...
Business Transaction Management
Monitoring Performance, Availability & Service Level Agreements
Transaction
Performance &
Availability
Service
Level
Violations
Consumer
SLA’s
Historical
Reporting
Enforces agreements
in real time
Enables preventative
and corrective
actions
Not just reporting
violations after it's too
late
Business Groups
Platinum, Gold, etc.
Accounting,
Shipping, etc.
Process Engine Service Bus
End-to-End
Business Transaction Management
Business Instrumentation
Consumer
SLA’s
Business
Groups
Business
Instrumentation
Track business value flowing through
the system
Track revenue, total orders, etc.
Can customize instrumentation and dashboards
Business Transaction Management
Real-time Detection of Exceptions
Handles Technical and Business
Exceptions
Stalled transactions, missing steps, error
messages
Incorrect data values, boundary
conditions, etc.
User-defined Exception Policies
What to look for – leverage message
content
Action to take – notify, intervene, etc.
Rejected Order
Alert
Agenda
SOA Topologies
SOA Runtime Governance Practices
Discover
Manage Service Quality
Manage Business Transactions
Prepare for greater scale
Validate changes
Runtime Policy Enforcement:
Service Virtualization
Abstracts service changes and versions behind a
published 'façade' (a 'virtual' service)
Enables endpoint routing, load-balancing, failover,
transformations etc.
•Sees simpler interface
•Service changes don’t
show through.
Before After
Virtual
Svc
(PEP)
•Load balance
•Route
•Transform
•Version
Service
A
Service
B
OrderLookup
ChangeDate
ChangeQty
ScheduleShip
ChangePrior
LookupETA
Service
A
Service
B
OrderLookup
ChangeDate
ChangeQty
ScheduleShip
ChangePrior
LookupETA
Policies with a “where clause”
Automatically applies policies based on dynamic attributes and message content.
All production services
All services in Accounting application
All services deployed in WebLogic containers
User-defined attributes for services, containers & policies
Assignments are reevaluated as attributes change
Automatic Policy Provisioning
s1 s5
s4
s2
s6
s3
where
“Accounting”
Security
Encryption
all
services
One-at-a-Time Approach
where deployed
on .NET app servers
Logging
Profile Based Approach
s1
p1
s2
s3
s100
p1 p1 p50
100 svcs x 50 policies
5,000
policy points
Load-Bal
Weighted
Can manage system on “autopilot” where policies are
automatically assigned as appropriate.
Eliminates production mistakes by reducing manual steps.
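Attribute-scoped policy assignment as described on this slide, shown as an added example (not AmberPoint code): each policy carries a "where clause" over service attributes, and assignments are recomputed when attributes change. The attribute keys, policy names and services are constructed for illustration, and `unclassified` is an added check for services that a clause cannot see because an attribute is unset.

```python
from dataclasses import dataclass

@dataclass
class Service:
    name: str
    attrs: dict          # user-defined attributes (application, container, stage)

@dataclass
class Policy:
    name: str
    where: dict          # attribute -> required value; {} means "all services"

    def matches(self, svc: Service) -> bool:
        return all(svc.attrs.get(k) == v for k, v in self.where.items())

def provision(services, policies):
    """Evaluate every where clause; return {service: sorted policy names}."""
    return {s.name: sorted(p.name for p in policies if p.matches(s))
            for s in services}

def diff(before, after):
    """Policies each service gained or lost between two evaluations."""
    out = {}
    for name, new in after.items():
        old = set(before.get(name, []))
        if old != set(new):
            out[name] = {"added": sorted(set(new) - old),
                         "removed": sorted(old - set(new))}
    return out

def unclassified(services, policies):
    """Services missing an attribute that some where clause tests: they
    silently fall outside that policy, so flag them for review."""
    keys = {k for p in policies for k in p.where}
    return {s.name: sorted(keys - set(s.attrs))
            for s in services if keys - set(s.attrs)}

# Constructed sample data; names and attribute keys are hypothetical.
POLICIES = [
    Policy("authentication", {}),
    Policy("encryption", {"application": "Accounting"}),
    Policy("logging", {"container": ".NET"}),
    Policy("sla-alerting", {"stage": "production"}),
]

def demo():
    s1 = Service("s1", {"application": "Accounting", "container": "WebLogic", "stage": "production"})
    s2 = Service("s2", {"application": "Order Entry", "container": ".NET", "stage": "staging"})
    s3 = Service("s3", {"container": "WebLogic"})   # discovered, not yet tagged
    before = provision([s1, s2, s3], POLICIES)
    s2.attrs.update(application="Accounting", stage="production")  # promoted
    after = provision([s1, s2, s3], POLICIES)
    return before, after, diff(before, after), unclassified([s1, s2, s3], POLICIES)
```

Four where clauses cover every service here, and the untagged `s3` shows the gap to watch for: a newly discovered service with no attributes receives only the unscoped policy until it is classified.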
Agenda
SOA Topologies
SOA Runtime Governance Practices
Discover
Manage Service Quality
Manage Business Transactions
Prepare for greater scale
Validate changes
“Approved”
Business System Validation
Distributed Components and Reuse Puts Business Systems at Risk
Impact of any changes ripple throughout the system
Real impact of planned changes is hard to predict
Impact of unplanned or unannounced changes can be devastating
Yet, most SOA environments find it impossible to setup and replicate all
dependent systems for testing elsewhere
And, new use and reuse creates blind spots in preproduction procedures
Design Development QA
Development Staging Production
Process Engine Service Bus
Need to Validate Integrity of the Entire System Before Installing Changes
Validate Impact on Dependent Systems
Development Staging Production
Process Engine Service Bus
The “Preflight Check” for SOA Systems
Validation Checklist
Security Policies Functioning
Unexpected Deviation for B2B Partner Usage
WS-I Compliant
Capacity Adequate
Acceptance testing of
pending changes to SOA
environment
New Versions of Services
Policy Changes
Bug Fixes
Infrastructure Patches, etc.
Uses knowledge of
dependencies and
observed interactions
Simulates services that
can’t be replicated in
pre-production
environments
External services
Fee-based services
Gives Staging and
Operations a final check
before deploying changes