Architecture Deep Dive What Is Architecture?

Jason Bloomberg & Ron Schmelzer ZapThink LLC

Take Credit Code: ARCHDD

What is Architecture?

The fundamental organization of a system embodied by its components, their relationships to each other and to the environment and the principles guiding its design and evolution. (IEEE P1471/D5.3)

1 In Particular, SOA is Enterprise Architecture

Enterprise architecture includes:

• An aggregated architecture of all the individual IT systems within an organization

• The human element within the enterprise

• Systems, people, and organizational constructs at other companies that have relationships with the enterprise

• Individual consumers who are that enterprise’s customers

• Corporate governance

A closer Look at SOA

Legacy Composite Business Business Atomic Data Applications Application SOA Fabric Databases Services Processes Services Integration and Delivery Middleware

Security A Rich Rich C Clients Discovery B E D Management

Messaging A

Routing C Composite B E Apps Transform D

Governance and Security Infrastructure

Source: MW2 Consulting

2 SOA Foundation: Model-Driven Architecture

• Object Management Group (OMG) initiative

• Concepts of models, metamodels, and the Meta-Object Facility, which is a meta-metamodel

• Platform independent model and platform dependent models

• Model-driven development

• Weakness: Doesn’t (yet) take into account changing requirements

The SOA Metamodel

Business Model Platform Service Model (Use Cases) Dependent Models

Logical View

Line-of-Business Users Business Process View Views Business Analysts Use-case View

Service-Oriented Architects Implementation View

Technical Architects & Developers Technology Views Deployment View

3 SOA Idées Fortes: Loose Coupling

• Consumer and Provider of Services controlled by different people • Changing one doesn’t break the other • Build one without being aware of the other • Loose coupling on various levels: – Application interface – Data formats –Security – Governance and Policies

SOA Idées Fortes: Asynchrony

• The Web is synchronous: click a button and wait for a response • Services can also be asynchronous: allow for long-running processes • SOA should be event-driven – SOA vs. EDA is an inappropriate distinction

4 SOA Idées Fortes: Coarse Granularity

• Technical sense + business sense • Business-oriented requests and responses • Blocks of information exchanged • Encapsulate APIs into fine-grained, atomic Services and compose them into coarse- grained, business Services • Coarse granularity implies composability

Top-Down & Bottom-Up Approaches

• Top-down only: have the plan, may not be able to execute

• Bottom-up only: build Services, may not be reusable

• SOA planning must be both – Develop the vision (but not the details) ahead of time – Service development should be iterative

5 Contract-First Development

• Service contracts specify required functionality to IT and provided functionality to the business

• Service model represents the clearinghouse for information about IT environment

• Contracts go beyond WSDL: – Usage policies –Security policies – Consumer delivery contracts – Service-level agreements, etc.

The Role of the Registry

Lines of Service Model Existing Business Infrastructure

Service Metadata

•Design time !" Runtime

• Role of repository/registry

• UDDI and beyond

6 Metadata Management Requirements

• In an SOA, business logic is in metadata, not code • Types of metadata – Service interfaces – Business process flows – Policy definitions – Event messages and types – Schema and semantics • Need: development tools and methodologies

This is the state of the art for SOA

Enterprise Governance: Managing the People of SOA

•SOA-enabled Governance: – Policy management • SOA configured & controlled via metadata, including policy – Visibility • Services abstract heterogeneous data sources, providing necessary business intelligence – Flexibility • Ability to build Services that address compliance issues and adjust them as regulations or business needs change

7 The SOA Implementation Roadmap

Just-In-Time Integration Service-Oriented Service-Oriented Process Enterprise

Enterprise SOA Business-Oriented Services Buildout Implement the SOA SOA Metamodel Pilots Dynamic Service Discovery

Manage Services Mission- Critical Web Services Secure Service Interfaces “Grass Roots” Web Services Wrap Legacy Systems in Implementations Services Interfaces Heterogeneous Systems with Proprietary Interfaces

Putting SOA Together

SOAs abstract the software functionality that business processes compose and orchestrate Service-Oriented Service-Oriented Architecture Process

SOM enables loose SOAs abstract the coupling and coarse adaptation layer with a SOM enables and manages granularity logical Service network business Services and the processes that link them

Service-Oriented Service-Oriented Integration Management

SOM enforces the Quality of Service of SOI

Web Services Security & Identity Management Essential prerequisite for SOAs

8 The Security Context Challenge

??? RonSchmelzer rschmelzer

Read Only

rschm123

Selective ??? Full Read/Write Read / Write

Identity Management: Kill Two Birds…

• Many enterprises already dealing with “Single Sign- On” – “Sticky Note” problem: too many passwords for too many systems – Problems administering users – Too many people with root access – Unknown security holes

• Now: need enterprise ID & access management to prepare for an SOA

9 Service-Oriented Management

• Are your Services up and running?

• Are the right consumers accessing the right Services?

• How do you keep consumers & producers of Services loosely coupled when Services change?

• How do you fix things when something goes wrong?

• Are you providing the required quality of Service?

• SOA enablement…

SOA Enablement…

• Provide and enforce the SOA layer of abstraction

• Combine fine-grained APIs into coarse-grained business Services

• Mask complexity of underlying technology: message protocols, adapters, APIs, etc.

• Handle quality of service, scalability, etc. “behind the scenes”

10 The State of the Market

t n I e nt m e e g gr a s n l a o a M o S t T e i c o ss u n ce r ro it P • All balls must be in the air at once y

• Web Services do not create a permanent, distinct market

• New entrants jockeying for position while incumbents wait/build/acquire

Introducing the SOAIF…

• The SOA implementation framework is a product or set of products that offer everything companies need to build, run & manage their SOA

• No vendor offers a complete SOAIF (yet)

• Leverages Service orientation for modularity

• Today’s markets are converging on the SOAIF

11 The Road to the SOAIF

Message- Integration Transaction Oriented Brokers Middleware Monitors

App Server Application B2Bi EAI ESB "Platforms" Servers

Systems BPI Management BPM SOAI PKI

Modeling SOA Tools WS Enablement Management SO WS Security IAM Process SO Mgmt Application SO Frameworks Security SOA Tools SOA Implementation XML Network Framework BAM Appliances Appliances RAD Arch. SO Tools Development SOII BI Analytics

SO Content WS Tools Semantic EII Integration

Established Operational Data Markets IDEs Portals CMS Data Stores Integration Transitional WS Markets Presentation Data NXDs ETL Markets Tools Warehouses Remaining Distinct Core SO Markets Copyright © 2003 ZapThink LLC Copyright © 2005, ZapThink, LLC Databases OLAP

Security, Management & SOAIF

App Server Application ESB "Platforms" Servers

Systems SOAI Management

SOA WS Enablement Management

SO Management BAM BI

SOA Implementation Established Framework Markets SO Security

Transitional WS Security WS Markets

12 WS Security Market Map – 2002

Private Web Services Network Providers Bang Networks Access & Policy Mgmt Flamenco Networks Vendors Grand Central Enterprise Security Slam Dunk Networks Waveset Services

Web Services Infrastructure Web Services Security Platforms TruSecure, IBM Management Vendors EDS, ISS, CA Global Trust Services Systinet, AmberPoint Westbridge Technology Cape Clear, Iona Quadrasis, Primordial Entrust, Actional Verisign Bowstreet, Flamenco PKI Vendors Baltimore Technologies Entrust Secure Integration/EAI beTRUSTed Identity/Single Sign-on RSA Security Vendors Software XML Firewalls Vendors VeriSign Baltimore Technologies webMethods Reactivity Netegrity, Oblix Entrust, CA Vitria, SeeBeyond Quadrasis Open Network Web Services Security Tibco, IBM Westbridge Technology Entegrity, Entrust Toolkit Vendors Actional, BEA Vordel OneName, CA Novell, RSA Security RSA Security Security Service IBM, Systinet, Entrust Providers Netegrity, nCipher Phaos Technology Source: Copyright © 2002 ZapThink, LLC McAfee Symantec

WS Security Market Map – 2005

Private Web Services Network Providers Bang Networks Access & Policy Mgmt Flamenco Networks Vendors Grand Central Enterprise Security Slam Dunk Networks Waveset Services

Web Services Infrastructure Web Services Security Platforms TruSecure, IBM Management Vendors EDS, ISS, CA Global Trust Services Systinet, AmberPoint Westbridge Technology Cape Clear, Iona Quadrasis, Primordial Entrust, Actional Verisign Bowstreet, Flamenco PKI Vendors Baltimore Technologies Entrust Secure Integration/EAI beTRUSTed Identity/Single Sign-on RSA Security Vendors Software XML Firewalls Vendors VeriSign Forum Systems IBM Baltimore Technologies webMethods Layer 7 Reactivity Oracle Netegrity, Oblix Entrust, CA Vitria, SeeBeyond Quadrasis Open Network Web Services Security Tibco, IBM Westbridge Technology Entegrity, Entrust Toolkit Vendors Actional, BEA Vordel OneName, CA XML Security Appliances Novell, RSA Security RSA Security Security Service IBM, Systinet, Entrust DataPower Providers Netegrity, nCipher Forum Systems Phaos Technology SOA Enablement Vendors ReactivitySource: Copyright © 2002 ZapThink, LLC McAfee Sarvega Symantec Actional AmberPoint SOA Software

13 WS Management Market Map - 2002

Systems Management Platforms BMC Software Computer Associates Unicenter IBM Tivoli HP Openview Transaction/Workflow/BPM Platforms & Tools XML Proxies BEA Fuego Web Services DataPower IBM Management Platforms Forum Systems IDS Scheer Aris Quadrasis Intalio Confluent Software Reactivity Mega Adjoin Flamenco Networks Sarvega Savvion Blue Titan Vordel Infravio AmberPoint SwingTide Digital Evolution Web Services Talking Blocks Web Services Security Development Platforms WestGlobal Platforms & Tools BEA Actional Baltimore Technologies Bowstreet Primordial Entrust Cape Clear Westbridge Technology Netegrity IBM WebSphere App Developer Microsoft Visual Studio .NET Systinet Private Web Services The Mind Electric Networks WebPutty Grand Central Copyright © 2005, ZapThink, LLC

WS Management Market Map - 2005

Systems Management Platforms SOA Governance Tools Infravio BMC Software LogicLibrary Systinet Computer Associates Unicenter WebLayers IBM Tivoli HP OpenView Transaction/Workflow/BPM Platforms & Tools XML Proxies BEA Fuego Collaxa Web Services DataPower IBM Forum Systems Cordys Management Platforms IDS Scheer Aris Quadrasis Intalio Confluent Software Reactivity Mega Adjoin Flamenco Networks Sarvega Layer 7 Savvion Blue Titan Vordel Infravio AmberPoint SwingTide Digital Evolution Web Services Talking Blocks SOA Software Web Services Security Development Platforms WestGlobal Platforms & Tools Oblix BEA Actional OracleBaltimore Technologies Bowstreet Primordial Entrust Cape Clear Westbridge Technology Netegrity IBM WebSphere App Developer Service Integrity Microsoft Visual Studio .NET Systinet Private Web Services The Mind Electric Networks WebPutty Grand Central Copyright © 2005, ZapThink, LLC

14 Arch., Devt. Tools & SOAIF

BPM

Modeling Tools SO Process

Application Frameworks SOA Tools SOA Implementation Framework RAD Arch. SO Tools Development

Established Markets WS Tools

Transitional WS Markets

SOA Tools Market Map - 2003

Transaction/Workflow/BPM Integrated Development Platforms & Tools Environments BEA Systems SOA Enablement Products Borland Fuego Actional Rational Software IBM AmberPoint IBM IDS Scheer Aris Blue Titan Microsoft Intalio Mega Confluent Software SOA Knowledge/ Savvion Digital Evolution Training Flamenco Networks IBM Service-Oriented Infravio Microsoft Development/Runtime Talking Blocks SwingTide Westbridge Technology Platforms WestGlobal Exadel Rapid Development Kinzan Platforms Novell Altoweb Modeling/Architecture The Mind Electric Novell Tools SOA Tools Wakesoft Instantis Aonix WebPutty Silver Leap Borland Zareus UDICo Interactive Objects Agile Testing Tools WebPutty MetaMatrix Web Services Rational Software Development Tools Mercury Interactive Sun Microsystems BarbadoSoft Parasoft Sybase Asset Management BEA Systems Rational Software Telelogic Tools Bowstreet Visible Systems Flashline Cape Clear LogicLibrary ClearMethods Service-Oriented Sybase Integration Vendors Legacy Encapsulation Systinet IONA Tools The Mind Electric Sonic Software Actional WebPutty WRQ Attachmate Hostbridge iWay Copyright © 2003 ZapThink LLC Seagull WRQ Copyright © 2005, ZapThink, LLC

15 SOA Tools Market Map - 2005

Transaction/Workflow/BPM Integrated Development Platforms & Tools Environments BEA Systems SOA Enablement Products Borland Fuego Cordys Actional Rational Software IBM AmberPoint IBM IDS Scheer Aris Blue Titan Microsoft Intalio Mega Confluent Software SOA Knowledge/ Composite Application Savvion Digital Evolution Training Platforms Flamenco Networks IBM Service-Oriented Above All Software Infravio SOA Software Microsoft Development/Runtime Cordys Talking Blocks Systinet SwingTide Westbridge Technology Platforms Jacada WestGlobal Exadel NetManage Rapid Development Kinzan Prima Solutions Platforms Novell Quovadx Altoweb Modeling/Architecture The Mind Electric Webify Solutions Novell Tools SOA Tools Wakesoft Instantis Aonix WebPutty Silver Leap Borland Zareus UDICo Interactive Objects Agile Testing Tools WebPutty MetaMatrix Web Services Rational Software Development Tools Mercury Interactive Sun Microsystems Parasoft BarbadoSoft Empirix Sybase Asset Management Rational Software BEA Systems Optimyz Telelogic Tools Bowstreet Segue Visible Systems Flashline Cape Clear LogicLibrary ClearMethods Solstice Service-Oriented Sybase Spirent Integration Vendors Legacy Encapsulation Systinet Brunswick WDI IONA Tools The Mind Electric Cordys Sonic Software Actional ClientSoft WebPutty Fiorano WRQ Attachmate GT Software Hostbridge Jacada IONA iWay Copyright © 2003 ZapThink LLC KnowNow Seagull Neon Systems Polar Lake WRQ NetManage Software AG Copyright © 2005, ZapThink,OpenConnect LLC Sybase

App. Integration, Process & SOAIF

Message- Integration Transaction Oriented Brokers Monitors Middleware

App Server Application B2Bi EAI ESB "Platforms" Servers

BPI

BPM SOAI

SOA Enablement SO Process SO Mgmt

Established Markets SOA

16 SOP Market Map - 2003

Enterprise Applications B2B Integration Commerce One PeopleSoft Enterprise Application Cyclone Commerce SAP Integration SeeBeyond Sterling Commerce Siebel TIBCO Transaction/Workflow/BPM Vitria Platforms & Tools WebMethods Service-Oriented Akazi Integration Vendors FileNet IONA Fuego Polar Lake HandySoft Sonic Software IBM WRQ Service-Oriented IDS Scheer Aris Process Intalio Mega Metastorm Service-Oriented Manaement Savvion Actional Service-Oriented AmberPoint Process "Pure Plays" Blue Titan Confluent Software Choreology Digital Evolution Application Server Collaxa Flamenco Networks Platforms Intalio Infravio BEA Oak Grove Systems Talking Blocks IBM Versata Westbridge Technology Microsoft WestGlobal Novell Oracle Sun Copyright © 2005, ZapThink, LLC

SOP Market Map - 2005

Enterprise Applications B2B Integration Commerce One PeopleSoft Enterprise Application Cyclone Commerce SAP Integration SeeBeyond Sterling Commerce Siebel TIBCO Transaction/Workflow/BPM Vitria Platforms & Tools WebMethods Service-Oriented Akazi Integration Vendors FileNet Brunswick WDI IONA Fuego Cordys Polar Lake HandySoft Fiorano Sonic Software IBM Cordys Jacada WRQ Service-Oriented IDS Scheer ArisOracle KnowNow Process Intalio Software AG Mega Sybase Metastorm Service-Oriented Manaement Savvion Actional Service-Oriented AmberPoint Process "Pure Plays" SOA Software Blue Titan Confluent Software Choreology Digital Evolution Application Server Collaxa Flamenco Networks Platforms Intalio Infravio BEA Oak Grove Systems Talking Blocks IBM Versata Westbridge Technology Microsoft WestGlobal Novell Oracle Sun Copyright © 2005, ZapThink, LLC

17 Info. Integration, Content & SOAIF

SO Mgmt

SOA Implementation Framework BAM

SOII BI Analytics

SO Content Semantic EII Integration

Operational Data CMS Data Stores Integration

Data NXDs ETL Established Warehouses Markets

Transitional WS Markets

Next Steps?

• Take iterative approach to reduce risk • Security & management usually come first • Build SOA top-down (architectural plan) and bottom-up (build Services from existing

I t nt n e resources) e m gr e g a s a n l t a o S i o o M e T c n u s r s i ce t o y Pr

18 SOAIF Futures…

SOAI

SOA Enablement SO Process SO Mgmt SO Security SOA Tools SOA Implementation Framework

Established SOII Markets

ZapThink is an industry analysis firm focused exclusively on XML, Web Services, and Service-Oriented Architecture.

Ronald Schmelzer Thank You! [email protected]

Jason Bloomberg [email protected]

19 Appendix

SOA is a discipline…

• Implementing a Service-Oriented Architecture is a journey

• Moving from proprietary interfaces to standards-based ones is just the first step…

• SOAs require a combination of security, management, integration, process, and architecture tools

• What are the right steps to guarantee overall success?

• How can you guarantee an ROI while reducing risk?

20 SOA Abstracts the Plumbing

• Goal is reusable, composable business Services

• But what kind of infrastructure enables loosely coupled, composable, asynchronous Services?

• Many different approaches to implementation

Don’t Get Lost in the Terminology ESB? Abstraction? SOA Infrastructure?EAI? Service Network? EDA? Service Grid? SOA? Fabric?

• There are many styles for SOA implementation • Focus on your goals: Reuse? Governance? Reduced integration cost? Agility?

21 The 4+1 View Model of SOA

Logical View Implementation View Functional requirements Components

Data View Use Case View SOAs Information View

Process View Deployment View Processes Platforms

SOA Enablement…

• Provide and enforce the SOA layer of abstraction

• Combine fine-grained APIs into coarse-grained business Services

• Mask complexity of underlying technology: message protocols, adapters, APIs, etc.

• Handle quality of service, scalability, etc. “behind the scenes”

22 Important Points: Managing Services

• You need management when you offer your first “mission critical” Web Service (don’t wait!)

• Management is critical for building and running enterprise-class SOAs

• The Service-Oriented Management space is still in flux

Enterprise Governance: Managing the People part of SOA

• Governance: the new business mandate – Establish and communicate policies that employees must follow – Give employees the tools they need to be compliant with those policies – Provide visibility into the levels of compliance in the organization – Mitigate any deviations from established policy • SOA-enabled Governance: – Policy management • SOA configured & controlled via metadata, including policy – Visibility • Services abstract heterogeneous data sources, providing necessary business intelligence – Flexibility • Ability to build Services that address compliance issues and adjust them as regulationsCopyright © 2005, or ZapThink, business LLC needs change

23 Mandatory, Urgent, & Non-Negotiable

Return On Investment

Risk Of Incarceration