OASIS: Integrating Standards for Web Services, Business ...


www.oasis-open.org

The SOA Journey - Deploying and Managing SOA, a HP IT Case Study
Tutorial
Anjali Anagol-Subbarao
Chief Architect, IDM, Marketing and Direct IT, HP

Polling Question #1
What is your familiarity with SOA and Web Services?
A. Investigation phase
B. Process of implementing a pilot
C. Developed a Web service
D. Developed a cross enterprise solution

Overview of SOA: SOA, Web services
SOA Case Studies: Consumer Business, Identity Management
Best Practices

Pressures on the business
[Diagram labels: New Demands; Customer; Partner; Technology; Growth, profit, and value; Leadership; Continuous business transformation; Customer satisfaction; Regulation/Deregulation; Mergers & acquisitions; Economy; Innovation; Satisfying Unpredictable Needs; Business agility; Competition; Changing Markets; Evolving Business Objectives; Supplier]

... result in challenges for the CIO
[Diagram labels: Support rapid change; Outsourcing; Emerging applications; Security; Drive costs down; Performance; Improve availability; Consumption-based costing; Capacity; Distributed systems; Increase business relevance; Mobility; Heterogeneity; Reduce complexity; Improve quality of service; P&L contribution; Deliver services]

Goals of SOA

Business and IT Alignment
- Software design derived from an intrinsic understanding of business design
- IT systems that enable business agility

Definition
In April 2006 the Object Management Group's (OMG) SOA Special Interest Group adopted the following definition for SOA:
Service Oriented Architecture is an architectural style for a community of providers and consumers of services to achieve mutual value, that:
- Allows participants in the communities to work together with minimal co-dependence or technology dependence
- Specifies the contracts to which organizations, people and technologies must adhere in order to participate in the community
- Provides for business value and business processes to be realized by the community
- Allows for a variety of technologies to be used to facilitate interactions within the community

In March 2006 the OASIS group SOA Reference Model released its first public review draft. This defines the basic principles of SOA that apply at all levels of a service architecture, from business vision through to technical and infrastructure implementation.
Service-Oriented Architecture: A paradigm for organizing and utilizing distributed capabilities that may be under the control of different ownership domains. It provides a uniform means to offer, discover, interact with and use capabilities to produce desired effects consistent with measurable preconditions and expectations.

Principles of SOA
- services share a formal contract
- services are loosely coupled
- services abstract underlying logic
- services are composable
- services are reusable
- services are autonomous
- services are stateless
- services are discoverable
Source: Thomas Erl; SearchWebService.com

SOA shifts the way we think
Traditional Applications          Service Oriented Architecture
Designed to last                  Designed to change
Tightly Coupled                   Loosely Coupled, Agile and Adaptive
Integrate Silos                   Compose Services
Detailed                          Abstracted
Long development cycle            Interactive and iterative development
Cost, supply centered             Business, demand centered
Middleware makes it work          Architecture makes it work
Favors Homogeneous Technology     Favors Heterogeneous Technology

Implementing Enterprise SOA: A Multi-faceted Approach
SOA Maturity Model

Why an Enterprise SOA Strategy is Important

- Create structure around federated SOA efforts; avoid IT mavericks
- Provide guidance and recommendations to Business and IT teams wanting to implement SOA solutions
- Manage and govern the architectural landscape: planning, preparing, and applying principles, techniques, and technologies to make the business adapt to change
- Manage semantic interoperability through Services
- Reduces integration expenses: Web based SOA reduces integration expense through standardization
- Increases Asset Reuse
- Helps eliminate duplicate functionality
- Reduces time to market
- Promotes consistency
- Reduces risk
- More control over business processes by business people
- Improves Business Agility: allows the business direct control of business processes to manage rapid change

Consequences of not having an Enterprise SOA Strategy
Within 2-3 years, we'll have:
- Mishmashed implementations of non-cohesive SOAs
- Islands of architectures: fragmented business functionality & Business Processes
- Vendor-defined SOA landscapes (every vendor wants to be the center of the universe)
- IT will spend a lot of time in the future unwinding shortsighted solutions
- Semantic mess: multiple applications exposing seemingly similar functionality
- Lots of non-reusable, un-structured services that don't enable business processes
- Businesses struggle to react to change: reduced competitiveness

A common source of confusion: SOA Technology and Web Services
- One of the key reasons for today's focus upon SOA is the emergence of supporting technologies.
- SOA is an architectural approach, centered around the concept of services
SOA Web Services
- SOA can exist without Web Services
- Web Services can be utilized without an SOA
- Using web services can significantly enhance our ability to implement SOA

Web Services Standards
World Wide Web Consortium (W3C)

http://www.w3c.org
Organization for the Advancement of Structured Information Standards (OASIS)
http://www.oasis-open.org
WS-Interoperability (WS-I)
http://www.ws-i.org

Web Services make implementing SOA easier, but they aren't the same
[Diagram, two panels: "Standard architecture with Web Services" and "SOA leveraging Web Services". Labels: Transactions; Messaging; Security; Management; Monitoring; Discovery; Business Services; Data Services; SOA Fabric (Abstraction Layer); Web Services; Custom App; ERP; Legacy App]

Web Services, the preferred technology for SOA
- A web service exposes a SOAP XML (industry standard) interface and can be invoked by any client regardless of platform (e.g. J2EE, .Net etc.)
- Ideally suited for heterogeneous IT environments (such as HP's) to enable systems to interact in a standards-compliant, interoperable manner
- Web services offer the technology and SOA offers the blueprint

[Diagram labels, in source order:
SO Maturity: Event Driven; Strategic Benefit; Business Component Architecture; Dynamic business partnerships possible; Composite Services; BPA-Aligned; Reuse across companies; Scaled process-to-process b2b; Coarse Grained; Reuse within the Enterprise; process-to-process b2b; Fine Grained; Loosely Coupled; Reuse within Organizations; Browser-based b2b
Technology Maturity: Structured Programming; Client/Server & Traditional Languages; J2EE Standards/.Net; SOAP; WSDL; WS-Mgmt; Quality of Service; WSRP; WS Security; Business Process Execution Language; Metadata Repository]

SOA Case Studies

HP-IT Reference SOA
[Diagram labels: Service Consumer/Presentation (Portal, Web, Rich Desktop Client, Rich Client, Mobile Device, Email, Voice); Business Process Management (process automation, service orchestration, rules engine); Identity Management and Web Services Management; Policy, Meta Data, and QoS; Business Services; Application Services; Integration Services; Data Service; Business Resources (ERP, CRM, Packaged Apps, Custom & Legacy); Enterprise Semantics Management Service; Enterprise Information Stores (Transactional, Content, Referential, Analytical); Infrastructure (Virtualized infrastructure and provisioning); Gov of Services & Gov of Usage (Policy, Classification, Compliance throughout lifecycle); Service Registry & Repository; Component Services (Application / SOI / Data / Utility Services); Utility Service; Governance; Monitoring Service; Operational Infrastructure Service; Security Service]

HP-IT Reference SOA - Standards View
[Diagram: the reference architecture annotated with standards. Layer labels: Service Consumer/Presentation; Business Process Management; Policy, Meta Data, and QoS; Business Services; Messaging; Component Services; Gov of Services & Gov of Usage (Policy, Classification, Compliance throughout lifecycle); Service Registry & Metadata Repository; Business Resources; Enterprise Semantics; EAI; Governance; Transactions & Business Process; ESB; Identity Management and Web Services Management; Enterprise Information Stores; Management; Security; Infrastructure (Virtualized infrastructure and provisioning).
Standards named, in the groups shown on the slide:
- Portal and Presentation: WSRP, JSR168
- BPEL4WS, WS-Choreography; ASAP; WS-Transactions, WS-Coordination, WS-CAF; SOAP
- UDDI 2.0, UDDI 3.0, WSIL
- WS-Policy, WS-PolicyAssertions, WSDL
- WS-Eventing, WS-Notification, WS-Addressing, WS-ReliableMessaging, WS-Reliability, SOAP, MTOM
- WSDM, WS-Manageability, WS-Provisioning
- WS-Security, WS-SecurityPolicy, WS-SecureConversation, WS-Trust, WS-Federation]

E-Business IT: Significant Progress with SOA
Evolving to an SOA has been the core of Architecture Strategy
Progress to date

- Decouple systems and eliminate the re-integration problem
- Enforce greater consistency in processes and re-use
- Lower cost to serve
Benefits
- Greater IT agility leading to better business agility
- Greater Leverage of investment dollars

E-Business IT's SOA Evolution
From monolithic solutions
[Diagram: Web Site A (e.g., SMB Store), Web Site B (e.g., Enterprise), Web Site C (e.g., Public Sector) and Web Site D (e.g., Consumer), each with its own copies of Functions A through H (A1-H1, A2-H2, A3-H3, A4-H4), connected to Enterprise Repositories: ERP, Content, CRM, Financial, Master Data]

E-Business IT's SOA Evolution (2)
to thin service consumers that leverage web services for std processes
[Diagram: Sites: Web Site A (e.g., SMB Store), Web Site B (e.g., Consumer eSupport), Site C and Site D (e.g., Retail Kiosk; Enterprise Procurement System). Web Services exposing standard processes: Service A through Service H. Enterprise Repositories: ERP, Content, CRM, Financial, Master Data]

Consumer Business Case Study

IT couldn't keep up with business demands

[Diagram labels: Retail Outlet; Retailer Systems; hp website; 3rd party systems; External interface; Configurator, Catalog DB; Vendor data entry tools; Core system ERP (SAP)]
- Not real-time
- Custom developed pipe for each business partner was expensive to maintain
- Long lead times to connect new retailers
- Could not support major e-tailers

Why SOA?
- Service-oriented, to offer a menu of services for retailers to pick and choose from
- Leverage the expertise of HP and retail partners
- Interoperability with disparate systems of retailers
- Standard platform to expose functions from disparate HP systems
- Abstracting the interface from the implementation
- Reuse of services

SOA Implementation Using Web Services
[Diagram: Retailer systems with Web services client; Web services: Distribute product catalog, Query product info, Query order status, Validate config, Place order, Request price, Request basket transfer; HP systems: Web services layer, Request/Response technology (Application server), Data repositories (Configurator, Product catalog database), Core system ERP (SAP)]

Overview of SOA Solution
- 4 Web services in production
- 12 external partners
- 1st implementation March 2002
- HP's systems: SAP, Microsoft, J2EE, Oracle
- Retailer systems: .Net, VB, J2EE WebLogic, Web Methods

Lessons Learned
1. Not all partners ready with XML; EDI has to be part of solution
2. Achieving desired performance is a challenge
3. Development time delayed due to evolving standards and technologies
4. Security and interoperability can be achieved

Results Achieved: Business Agility
1. Increased sales (see chart)
2. Faster order to delivery time (24 hours)
3. 50% decrease in man-months to implement new accounts
4. Savings from closing down systems and moving to an SOA platform
5. New revenue streams generated by offering services like ValidateConfig
[Chart: Relative Unit Volume (0.0 to 10.0) by month, Jan through the following Jan, for Account 1 and Account 2. Note: circles indicate months accounts transitioned to new infrastructure / program]

Case Study: Identity Management

Overview of Customer IDM
[Diagram labels: Experience Strategy, IA, Design; HP.com Customer: consumer, small/medium bus., enterprise/corporate, public sector; common services; publishing systems; back-end systems; subsequent site layers: awareness, buy, use & learn, support; site infrastructure]
Customer IDM provides a mission critical horizontal process and shared service for hp.com web sites

Industry Leading Implementation
- One of the largest IDM systems in the industry
- 35 MM users, growth rate of 700,000/month
- One of the highest Available systems in HP
- SLA of 3 9s, protects sites which do business of the order of 4 billion dollars/year

Challenges for Customer IDM system

- Many ways to do registration which increased cost of implementation
- Non-standard protocols for authentication
- Tight coupling between client and server
- Only web access management
- Access through different web sites which caused security issues
- Custom pipes to provide IDM functionality
[Diagram: HP Passport Components. Labels: End-User Web Browser; EXTERNAL FIREWALL; DMZ; Registration Web site; Sites with Plugin-auth; Web services API; REGISTRATION SERVER; INTERNAL FIREWALL; Web Services App Server Cluster; Policy Server; DATABASE]

How did we resolve the challenges
To address the HP identity and access management challenges, HP-IT is implementing identity services through an SOA model.
- Implementing registration, authentication and federation services
- The identity services were hosted centrally and all external facing web sites could consume these common services
- Loosely coupled
- Interoperable across many OS/app/web servers
- Uses standard protocols
- Open to services, devices

SOA-based Architecture
[Diagram: HP Passport Components. Labels: End-User (Web Browser); Device; Rich Client; Enterprise Customers; Web Service; EXTERNAL FIREWALL; DMZ; Registration Web Services-1; Authentication / Federation Services-2; REGISTRATION SERVER; INTERNAL FIREWALL; Web Services App Server Cluster; Policy Server; DATABASE]

Identity Services Defined (Burton slide)
[Diagram labels: Consumers of Identity Operations: Federated domains, Identity and policy administration, Applications. Services: Federation; Authentication & Authorization; Query & Update; Personalization & Visualization. Underlying Identity Components; Security]

Identity Services Defined: HP's Identity Services
[Diagram labels: Consumers of Identity Operations: Federated domains, Identity and policy administration, Applications. Services:
- Federation: Federation Web services
- Authentication & Authorization: Login, Validate
- Query & Update: EditProfile, UpdateCredentials
- Personalization & Visualization: getUser
Underlying Identity Components; Security: Password Management]

Benefits
- Enabling new business opportunities

- Enabling extended enterprise: identity services help bring these partners/outsourcers to have a more seamless access to HP
- Extended functionality beyond web access management
- Achieved a Cost Reduction of 50%
- Cross selling, up selling between SMB and enterprise storefronts
- Leverage IdM to reduce business costs through identity services
- Used standard protocols and loose coupling
- Support, integration costs reduced
- Risk Mitigation
- Security breaches avoided as one registration, authentication service used throughout company
- Federation helped in maintaining regulatory compliance

Best Practices/Lessons Learned

Best Practices Established for SOA
1. Designing for interoperability
2. Publishing enduring Web services contracts
3. Effectively using business tier systems
4. Planning a robust production environment
5. Building with Frameworks

Challenges: Web Services Interoperability
The great promise of web services
- Service producers and consumers can use any OS / prog. language
- Web services standards would guarantee seamless interoperability
Reality
- Creating interoperable web services is still hard
- Evolving specs and ambiguity
- Vendors implementing standards selectively
- Teams encounter interoperability issues (often discovered during later stages of testing)
- In some cases, caused senior management to form a negative opinion of web services, and the value of SOA in general

Compiled best practices with respect to interoperability
- Compliance vs interoperability (exceptions to WS-I standards)
- Issues with specific vendors' tools

First design the interface
- Use WSDL editors (XMLSpy) to create WSDL (for the validateConfig service)
- Three abstract definitions - types, messages and port type
- Two concrete definitions - binding and service

Design considerations for Versioning
- Leverage XML Schemas
- Patterns to facilitate Versioning
- Naming Convention
- Deployment Strategy

Details of versioning
- Using date stamp as part of the target namespace of your XML Schema. ..
- Use different end points in WSDL
- Use different operations
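
The date-stamped target namespace can be enforced at the service entry point, together with the step of the versioning lifecycle on this page where a retired version only returns an error message. This is an added example, not code from the presentation or from HP: the namespace prefix http://example.com/schemas/validateConfig/, the version table, the function names and the sample request are all assumptions.

```python
import re
import xml.etree.ElementTree as ET
from datetime import date

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
ET.register_namespace("soap", SOAP_NS)
# Constructed namespace scheme: the date stamp is the last path segment.
NS_PREFIX = "http://example.com/schemas/validateConfig/"
NS_RE = re.compile(re.escape(NS_PREFIX) + r"([0-9]{4})-([0-9]{2})-([0-9]{2})")
# Hypothetical lifecycle table; retired versions stay listed to get an explicit error.
VERSIONS = {
    date(2005, 3, 1): "retired",
    date(2006, 1, 15): "active",  # old and new versions run in parallel
    date(2006, 6, 1): "active",
}

class Fault(Exception):
    def __init__(self, code, message):  # code: SOAP 1.1 "Client" or "Server"
        super().__init__(message)
        self.code, self.message = code, message

def resolve_version(soap_xml):
    """Return the schema date the request targets, or raise Fault."""
    # SOAP 1.1 forbids a DTD; rejecting it keeps entity tricks from the parser.
    if "<!DOCTYPE" in soap_xml:
        raise Fault("Client", "DTD not allowed in SOAP message")
    try:
        body = ET.fromstring(soap_xml).find(f"{{{SOAP_NS}}}Body")
    except ET.ParseError:
        raise Fault("Client", "malformed XML") from None
    if body is None or len(body) == 0:
        raise Fault("Client", "empty SOAP body")
    tag = body[0].tag  # "{namespace}localname"
    ns = tag[1:].partition("}")[0] if tag.startswith("{") else ""
    m = NS_RE.fullmatch(ns)  # exact match: no prefix or suffix tricks
    try:
        version = date(*map(int, m.groups())) if m else None
    except ValueError:  # digits that are not a calendar date
        version = None
    state = VERSIONS.get(version)
    if state is None:
        raise Fault("Client", "unknown service version")
    if state == "retired":
        newest = max(v for v, s in VERSIONS.items() if s == "active")
        raise Fault("Client", f"version {version} retired; use {NS_PREFIX}{newest}")
    return version

def fault_xml(fault):
    """Serialize a Fault as a SOAP 1.1 fault envelope."""
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    f = ET.SubElement(ET.SubElement(env, f"{{{SOAP_NS}}}Body"), f"{{{SOAP_NS}}}Fault")
    ET.SubElement(f, "faultcode").text = f"soap:{fault.code}"
    ET.SubElement(f, "faultstring").text = fault.message
    return ET.tostring(env, encoding="unicode")

def sample_request(stamp):  # constructed validateConfig request
    return (f'<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body>'
            f'<v:validateConfig xmlns:v="{NS_PREFIX}{stamp}"><sku>X1</sku>'
            '</v:validateConfig></soap:Body></soap:Envelope>')
```

Unknown date stamps are rejected rather than mapped to the latest version, so a consumer cannot reach an implementation that was never published under that namespace.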

Versioning Lifecycle
1. Build transition plan
2. Make Changes to Service.
3. Test new Service version
4. Implement new Service version.
5. Add/publish new Service version to WSDL descriptions, UDDI registries, etc.
6. Notify known Consumers of new Service version and transition plan
7. Run Service versions in Parallel
8. Set Date for Retirement of older Service version
9. Notify known Consumers of retirement
10. Remove old Service version from descriptions, registries etc. to stop new consumers discovering and using.
11. Remove functional behavior of old Service. Only return appropriate error message
12. Retire old Service. Physically remove old Service version.

Key Security Elements
- Secured the Web services using Transport Level Security
  - 2 way SSL
  - Creates performance issues
- Now Web services can be secured using message level security - WS-Security

Performance and Web services
- Performance numbers without SSL
- Performance numbers with SSL - degradation of approx 30%

Transaction Name      Minimum   Average   Maximum   Std     90 Percent   Pass
AB_request            0.578     2.168     34.75     2.9     3.928        1,449
placeOrder_request    3.688     6.367     29.344    2.931   9.53         193
VC_request            0.719     2.172     24.078    2.252   3.804        10,080

Enhancing the performance
- Identifying performance bottlenecks using HP's OVTA

Enhancing the performance
- Making XML more efficient
  - Use StAX parser
  - XML Beans for XML to Java Binding (now part of Apache open source)
  - XML accelerators from HP
- Making SOAP more efficient
  - SOAP parsers
  - BEA SOAP engine measurements showed 72% faster than Apache Axis
  - SOAP with attachments

Frameworks support SOA
- Dealing with complexity
  - Standards do not specify how to deal with the complexities of designing and implementing modular, reliable, scalable and high performance services
- Frameworks
  - Productize best practices and provide a foundation to developers for creating services
  - Repeatability and consistency
  - E-Biz SSA framework for designing and implementing services
  - E-Biz WPA framework for UIs that consume services

What next for SOA and Web Services?
[Diagram labels: Business Logic; Enterprise Systems; Security; Management; Web Services Lifecycle Management; Business Process Management; Dynamic Rerouting and transformations]
Infrastructure to support SOA ecosystem for sustaining Business Agility

Summary
- Introduction to SOA and web services
- Successful implementation of SOA architecture
  - Configure to Order Case Study
  - Identity Management Case Study
- Lifecycle of development of Web services
- Challenges of implementing Web services security and performance
- Best Practices

Call to action
- Check out http://dev2dev.bea.com/index.jsp for BEA WebLogic references
- Look at http://openview.hp.com/bea for the OpenView Products
- Access DRC portal at http://devresource.hp.com for Web services, SOA, life cycle development tips
- Look at http://www.oasis-open.org/home/index.php
- Rest of it is in the book J2EE Web Services on BEA WebLogic by Anjali Anagol-Subbarao

Questions
www.oasis-open.org
