Architecture Deep Dive
Jason Bloomberg & Ron Schmelzer ZapThink LLC
Take Credit Code: ARCHDD
Copyright © 2005, ZapThink, LLC
What is Architecture?
The fundamental organization of a system embodied by its components, their relationships to each other and to the environment and the principles guiding its design and evolution. (IEEE P1471/D5.3)
Copyright © 2005, ZapThink, LLC
1 In Particular, SOA is Enterprise Architecture
Enterprise architecture includes:
• An aggregated architecture of all the individual IT systems within an organization
• The human element within the enterprise
• Systems, people, and organizational constructs at other companies that have relationships with the enterprise
• Individual consumers who are that enterprise’s customers
• Corporate governance
Copyright © 2005, ZapThink, LLC
A closer Look at SOA
Legacy Composite Business Business Atomic Data Applications Application SOA Fabric Databases Services Processes Services Integration and Delivery Middleware
Security A Rich Rich C Clients Discovery B E D Management
Messaging A
Routing C Composite B E Apps Transform D
Governance and Security Infrastructure
Source: MW2 Consulting
Copyright © 2005, ZapThink, LLC
2 SOA Foundation: Model-Driven Architecture
• Object Management Group (OMG) initiative
• Concepts of models, metamodels, and the Meta-Object Facility, which is a meta-metamodel
• Platform independent model and platform dependent models
• Model-driven development
• Weakness: Doesn’t (yet) take into account changing requirements
Copyright © 2005, ZapThink, LLC
The SOA Metamodel
Business Model Platform Service Model (Use Cases) Dependent Models
Logical View
Line-of-Business Users Business Process View Views Business Analysts Use-case View
Service-Oriented Architects Implementation View
Technical Architects & Developers Technology Views Deployment View
System Architects & System Engineers Copyright © 2003 ZapThink LLC
Copyright © 2005, ZapThink, LLC
3 SOA Idées Fortes: Loose Coupling
• Consumer and Provider of Services controlled by different people • Changing one doesn’t break the other • Build one without being aware of the other • Loose coupling on various levels: – Application interface – Data formats –Security – Governance and Policies
Copyright © 2005, ZapThink, LLC J
SOA Idées Fortes: Asynchrony
• The Web is synchronous: click a button and wait for a response • Services can also be asynchronous: allow for long-running processes • SOA should be event-driven – SOA vs. EDA is an inappropriate distinction
Copyright © 2005, ZapThink, LLC J
4 SOA Idées Fortes: Coarse Granularity
• Technical sense + business sense • Business-oriented requests and responses • Blocks of information exchanged • Encapsulate APIs into fine-grained, atomic Services and compose them into coarse- grained, business Services • Coarse granularity implies composability
Copyright © 2005, ZapThink, LLC J
Top-Down & Bottom-Up Approaches
• Top-down only: have the plan, may not be able to execute
• Bottom-up only: build Services, may not be reusable
• SOA planning must be both – Develop the vision (but not the details) ahead of time – Service development should be iterative
Copyright © 2005, ZapThink, LLC
5 Contract-First Development
• Service contracts specify required functionality to IT and provided functionality to the business
• Service model represents the clearinghouse for information about IT environment
• Contracts go beyond WSDL: – Usage policies –Security policies – Consumer delivery contracts – Service-level agreements, etc.
Copyright © 2005, ZapThink, LLC
The Role of the Registry
Lines of Service Model Existing Business Infrastructure
Service Metadata
•Design time !" Runtime
• Role of repository/registry
• UDDI and beyond
Copyright © 2005, ZapThink, LLC
6 Metadata Management Requirements
• In an SOA, business logic is in metadata, not code • Types of metadata – Service interfaces – Business process flows – Policy definitions – Event messages and types – Schema and semantics • Need: development tools and methodologies
This is the state of the art for SOA
Copyright © 2005, ZapThink, LLC
Enterprise Governance: Managing the People of SOA
• Governance: the new business mandate – Establish and communicate policies that employees must follow – Give employees the tools they need to be compliant with those policies – Provide visibility into the levels of compliance in the organization – Mitigate any deviations from established policy
•SOA-enabled Governance: – Policy management • SOA configured & controlled via metadata, including policy – Visibility • Services abstract heterogeneous data sources, providing necessary business intelligence – Flexibility • Ability to build Services that address compliance issues and adjust them as regulations or business needs change
Copyright © 2005, ZapThink, LLC
7 The SOA Implementation Roadmap
Just-In-Time Integration Service-Oriented Service-Oriented Process Enterprise
Enterprise SOA Business-Oriented Services Buildout Implement the SOA SOA Metamodel Pilots Dynamic Service Discovery
Manage Services Mission- Critical Web Services Secure Service Interfaces “Grass Roots” Web Services Wrap Legacy Systems in Implementations Services Interfaces Heterogeneous Systems with Proprietary Interfaces
Copyright © 2005, ZapThink, LLC
Putting SOA Together
SOAs abstract the software functionality that business processes compose and orchestrate Service-Oriented Service-Oriented Architecture Process
SOM enables loose SOAs abstract the coupling and coarse adaptation layer with a SOM enables and manages granularity logical Service network business Services and the processes that link them
Service-Oriented Service-Oriented Integration Management
SOM enforces the Quality of Service of SOI
Web Services Security & Identity Management Essential prerequisite for SOAs
Copyright © 2005, ZapThink, LLC
8 The Security Context Challenge
??? RonSchmelzer rschmelzer
Read Only
rschm123
Selective ??? Full Read/Write Read / Write
Copyright © 2005, ZapThink, LLC
Identity Management: Kill Two Birds…
• Many enterprises already dealing with “Single Sign- On” – “Sticky Note” problem: too many passwords for too many systems – Problems administering users – Too many people with root access – Unknown security holes
• Now: need enterprise ID & access management to prepare for an SOA
Copyright © 2005, ZapThink, LLC
9 Service-Oriented Management
• Are your Services up and running?
• Are the right consumers accessing the right Services?
• How do you keep consumers & producers of Services loosely coupled when Services change?
• How do you fix things when something goes wrong?
• Are you providing the required quality of Service?
• SOA enablement…
Copyright © 2005, ZapThink, LLC
SOA Enablement…
• Provide and enforce the SOA layer of abstraction
• Combine fine-grained APIs into coarse-grained business Services
• Mask complexity of underlying technology: message protocols, adapters, APIs, etc.
• Handle quality of service, scalability, etc. “behind the scenes”
Copyright © 2005, ZapThink, LLC
10 The State of the Market
t n I e nt m e e g gr a s n l a o a M o S t T e i c o ss u n ce r ro it P • All balls must be in the air at once y
• Web Services do not create a permanent, distinct market
• New entrants jockeying for position while incumbents wait/build/acquire
Copyright © 2005, ZapThink, LLC
Introducing the SOAIF…
• The SOA implementation framework is a product or set of products that offer everything companies need to build, run & manage their SOA
• No vendor offers a complete SOAIF (yet)
• Leverages Service orientation for modularity
• Today’s markets are converging on the SOAIF
Copyright © 2005, ZapThink, LLC
11 The Road to the SOAIF
Message- Integration Transaction Oriented Brokers Middleware Monitors
App Server Application B2Bi EAI ESB "Platforms" Servers
Systems BPI Management BPM SOAI PKI
Modeling SOA Tools WS Enablement Management SO WS Security IAM Process SO Mgmt Application SO Frameworks Security SOA Tools SOA Implementation XML Network Framework BAM Appliances Appliances RAD Arch. SO Tools Development SOII BI Analytics
SO Content WS Tools Semantic EII Integration
Established Operational Data Markets IDEs Portals CMS Data Stores Integration Transitional WS Markets Presentation Data NXDs ETL Markets Tools Warehouses Remaining Distinct Core SO Markets Copyright © 2003 ZapThink LLC Copyright © 2005, ZapThink, LLC Databases OLAP
Security, Management & SOAIF
App Server Application ESB "Platforms" Servers
Systems SOAI Management
SOA WS Enablement Management
SO Management BAM BI
SOA Implementation Established Framework Markets SO Security
Transitional WS Security WS Markets
Markets Remaining Copyright © 2004 ZapThink LLC Distinct Core SO Markets Copyright © 2005, ZapThink, LLC
12 WS Security Market Map – 2002
Private Web Services Network Providers Bang Networks Access & Policy Mgmt Flamenco Networks Vendors Grand Central Enterprise Security Slam Dunk Networks Waveset Services
Web Services Infrastructure Web Services Security Platforms TruSecure, IBM Management Vendors EDS, ISS, CA Global Trust Services Systinet, AmberPoint Westbridge Technology Cape Clear, Iona Quadrasis, Primordial Entrust, Actional Verisign Bowstreet, Flamenco PKI Vendors Baltimore Technologies Entrust Secure Integration/EAI beTRUSTed Identity/Single Sign-on RSA Security Vendors Software XML Firewalls Vendors VeriSign Baltimore Technologies webMethods Reactivity Netegrity, Oblix Entrust, CA Vitria, SeeBeyond Quadrasis Open Network Web Services Security Tibco, IBM Westbridge Technology Entegrity, Entrust Toolkit Vendors Actional, BEA Vordel OneName, CA Novell, RSA Security RSA Security Security Service IBM, Systinet, Entrust Providers Netegrity, nCipher Phaos Technology Source: Copyright © 2002 ZapThink, LLC McAfee Symantec
Copyright © 2005, ZapThink, LLC
WS Security Market Map – 2005
Private Web Services Network Providers Bang Networks Access & Policy Mgmt Flamenco Networks Vendors Grand Central Enterprise Security Slam Dunk Networks Waveset Services
Web Services Infrastructure Web Services Security Platforms TruSecure, IBM Management Vendors EDS, ISS, CA Global Trust Services Systinet, AmberPoint Westbridge Technology Cape Clear, Iona Quadrasis, Primordial Entrust, Actional Verisign Bowstreet, Flamenco PKI Vendors Baltimore Technologies Entrust Secure Integration/EAI beTRUSTed Identity/Single Sign-on RSA Security Vendors Software XML Firewalls Vendors VeriSign Forum Systems IBM Baltimore Technologies webMethods Layer 7 Reactivity Oracle Netegrity, Oblix Entrust, CA Vitria, SeeBeyond Quadrasis Open Network Web Services Security Tibco, IBM Westbridge Technology Entegrity, Entrust Toolkit Vendors Actional, BEA Vordel OneName, CA XML Security Appliances Novell, RSA Security RSA Security Security Service IBM, Systinet, Entrust DataPower Providers Netegrity, nCipher Forum Systems Phaos Technology SOA Enablement Vendors ReactivitySource: Copyright © 2002 ZapThink, LLC McAfee Sarvega Symantec Actional AmberPoint SOA Software
Copyright © 2005, ZapThink, LLC
13 WS Management Market Map - 2002
Systems Management Platforms BMC Software Computer Associates Unicenter IBM Tivoli HP Openview Transaction/Workflow/BPM Platforms & Tools XML Proxies BEA Fuego Web Services DataPower IBM Management Platforms Forum Systems IDS Scheer Aris Quadrasis Intalio Confluent Software Reactivity Mega Adjoin Flamenco Networks Sarvega Savvion Blue Titan Vordel Infravio AmberPoint SwingTide Digital Evolution Web Services Talking Blocks Web Services Security Development Platforms WestGlobal Platforms & Tools BEA Actional Baltimore Technologies Bowstreet Primordial Entrust Cape Clear Westbridge Technology Netegrity IBM WebSphere App Developer Microsoft Visual Studio .NET Systinet Private Web Services The Mind Electric Networks WebPutty Grand Central Copyright © 2005, ZapThink, LLC
WS Management Market Map - 2005
Systems Management Platforms SOA Governance Tools Infravio BMC Software LogicLibrary Systinet Computer Associates Unicenter WebLayers IBM Tivoli HP OpenView Transaction/Workflow/BPM Platforms & Tools XML Proxies BEA Fuego Collaxa Web Services DataPower IBM Forum Systems Cordys Management Platforms IDS Scheer Aris Quadrasis Intalio Confluent Software Reactivity Mega Adjoin Flamenco Networks Sarvega Layer 7 Savvion Blue Titan Vordel Infravio AmberPoint SwingTide Digital Evolution Web Services Talking Blocks SOA Software Web Services Security Development Platforms WestGlobal Platforms & Tools Oblix BEA Actional OracleBaltimore Technologies Bowstreet Primordial Entrust Cape Clear Westbridge Technology Netegrity IBM WebSphere App Developer Service Integrity Microsoft Visual Studio .NET Systinet Private Web Services The Mind Electric Networks WebPutty Grand Central Copyright © 2005, ZapThink, LLC
14 Arch., Devt. Tools & SOAIF
BPM
Modeling Tools SO Process
Application Frameworks SOA Tools SOA Implementation Framework RAD Arch. SO Tools Development
Established Markets WS Tools
Transitional WS Markets
Markets Remaining Distinct Core SO IDEs Markets Copyright © 2005, ZapThink, LLC
SOA Tools Market Map - 2003
Transaction/Workflow/BPM Integrated Development Platforms & Tools Environments BEA Systems SOA Enablement Products Borland Fuego Actional Rational Software IBM AmberPoint IBM IDS Scheer Aris Blue Titan Microsoft Intalio Mega Confluent Software SOA Knowledge/ Savvion Digital Evolution Training Flamenco Networks IBM Service-Oriented Infravio Microsoft Development/Runtime Talking Blocks SwingTide Westbridge Technology Platforms WestGlobal Exadel Rapid Development Kinzan Platforms Novell Altoweb Modeling/Architecture The Mind Electric Novell Tools SOA Tools Wakesoft Instantis Aonix WebPutty Silver Leap Borland Zareus UDICo Interactive Objects Agile Testing Tools WebPutty MetaMatrix Web Services Rational Software Development Tools Mercury Interactive Sun Microsystems BarbadoSoft Parasoft Sybase Asset Management BEA Systems Rational Software Telelogic Tools Bowstreet Visible Systems Flashline Cape Clear LogicLibrary ClearMethods Service-Oriented Sybase Integration Vendors Legacy Encapsulation Systinet IONA Tools The Mind Electric Sonic Software Actional WebPutty WRQ Attachmate Hostbridge iWay Copyright © 2003 ZapThink LLC Seagull WRQ Copyright © 2005, ZapThink, LLC
15 SOA Tools Market Map - 2005
Transaction/Workflow/BPM Integrated Development Platforms & Tools Environments BEA Systems SOA Enablement Products Borland Fuego Cordys Actional Rational Software IBM AmberPoint IBM IDS Scheer Aris Blue Titan Microsoft Intalio Mega Confluent Software SOA Knowledge/ Composite Application Savvion Digital Evolution Training Platforms Flamenco Networks IBM Service-Oriented Above All Software Infravio SOA Software Microsoft Development/Runtime Cordys Talking Blocks Systinet SwingTide Westbridge Technology Platforms Jacada WestGlobal Exadel NetManage Rapid Development Kinzan Prima Solutions Platforms Novell Quovadx Altoweb Modeling/Architecture The Mind Electric Webify Solutions Novell Tools SOA Tools Wakesoft Instantis Aonix WebPutty Silver Leap Borland Zareus UDICo Interactive Objects Agile Testing Tools WebPutty MetaMatrix Web Services Rational Software Development Tools Mercury Interactive Sun Microsystems Parasoft BarbadoSoft Empirix Sybase Asset Management Rational Software BEA Systems Optimyz Telelogic Tools Bowstreet Segue Visible Systems Flashline Cape Clear LogicLibrary ClearMethods Solstice Service-Oriented Sybase Spirent Integration Vendors Legacy Encapsulation Systinet Brunswick WDI IONA Tools The Mind Electric Cordys Sonic Software Actional ClientSoft WebPutty Fiorano WRQ Attachmate GT Software Hostbridge Jacada IONA iWay Copyright © 2003 ZapThink LLC KnowNow Seagull Neon Systems Polar Lake WRQ NetManage Software AG Copyright © 2005, ZapThink,OpenConnect LLC Sybase
App. Integration, Process & SOAIF
Message- Integration Transaction Oriented Brokers Monitors Middleware
App Server Application B2Bi EAI ESB "Platforms" Servers
BPI
BPM SOAI
SOA Enablement SO Process SO Mgmt
Established Markets SOA
Transitional Implementation WS Markets Framework Markets Remaining Distinct Core SO Markets Copyright © 2005, ZapThink, LLC
16 SOP Market Map - 2003
Enterprise Applications B2B Integration Commerce One PeopleSoft Enterprise Application Cyclone Commerce SAP Integration SeeBeyond Sterling Commerce Siebel TIBCO Transaction/Workflow/BPM Vitria Platforms & Tools WebMethods Service-Oriented Akazi Integration Vendors FileNet IONA Fuego Polar Lake HandySoft Sonic Software IBM WRQ Service-Oriented IDS Scheer Aris Process Intalio Mega Metastorm Service-Oriented Manaement Savvion Actional Service-Oriented AmberPoint Process "Pure Plays" Blue Titan Confluent Software Choreology Digital Evolution Application Server Collaxa Flamenco Networks Platforms Intalio Infravio BEA Oak Grove Systems Talking Blocks IBM Versata Westbridge Technology Microsoft WestGlobal Novell Oracle Sun Copyright © 2005, ZapThink, LLC
SOP Market Map - 2005
Enterprise Applications B2B Integration Commerce One PeopleSoft Enterprise Application Cyclone Commerce SAP Integration SeeBeyond Sterling Commerce Siebel TIBCO Transaction/Workflow/BPM Vitria Platforms & Tools WebMethods Service-Oriented Akazi Integration Vendors FileNet Brunswick WDI IONA Fuego Cordys Polar Lake HandySoft Fiorano Sonic Software IBM Cordys Jacada WRQ Service-Oriented IDS Scheer ArisOracle KnowNow Process Intalio Software AG Mega Sybase Metastorm Service-Oriented Manaement Savvion Actional Service-Oriented AmberPoint Process "Pure Plays" SOA Software Blue Titan Confluent Software Choreology Digital Evolution Application Server Collaxa Flamenco Networks Platforms Intalio Infravio BEA Oak Grove Systems Talking Blocks IBM Versata Westbridge Technology Microsoft WestGlobal Novell Oracle Sun Copyright © 2005, ZapThink, LLC
17 Info. Integration, Content & SOAIF
SO Mgmt
SOA Implementation Framework BAM
SOII BI Analytics
SO Content Semantic EII Integration
Operational Data CMS Data Stores Integration
Data NXDs ETL Established Warehouses Markets
Transitional WS Markets
Markets Remaining Distinct Databases OLAP Core SO Markets Copyright © 2005, ZapThink, LLC
Next Steps?
• Take iterative approach to reduce risk • Security & management usually come first • Build SOA top-down (architectural plan) and bottom-up (build Services from existing
I t nt n e resources) e m gr e g a s a n l t a o S i o o M e T c n u s r s i ce t o y Pr
Copyright © 2005, ZapThink, LLC
18 SOAIF Futures…
SOAI
SOA Enablement SO Process SO Mgmt SO Security SOA Tools SOA Implementation Framework
Established SOII Markets
Transitional WS Markets SO Content Markets Remaining Distinct Core SO Markets Copyright © 2005, ZapThink, LLC
ZapThink is an industry analysis firm focused exclusively on XML, Web Services, and Service-Oriented Architecture.
Ronald Schmelzer Thank You! [email protected]
Jason Bloomberg [email protected]
Copyright © 2005, ZapThink, LLC
19 Appendix
Copyright © 2005, ZapThink, LLC
SOA is a discipline…
• Implementing a Service-Oriented Architecture is a journey
• Moving from proprietary interfaces to standards-based ones is just the first step…
• SOAs require a combination of security, management, integration, process, and architecture tools
• What are the right steps to guarantee overall success?
• How can you guarantee an ROI while reducing risk?
Copyright © 2005, ZapThink, LLC
20 SOA Abstracts the Plumbing
• Goal is reusable, composable business Services
• But what kind of infrastructure enables loosely coupled, composable, asynchronous Services?
• Many different approaches to implementation
Copyright © 2005, ZapThink, LLC
Don’t Get Lost in the Terminology ESB? Abstraction? SOA Infrastructure?EAI? Service Network? EDA? Service Grid? SOA? Fabric?
• There are many styles for SOA implementation • Focus on your goals: Reuse? Governance? Reduced integration cost? Agility?
Copyright © 2005, ZapThink, LLC
21 The 4+1 View Model of SOA
Logical View Implementation View Functional requirements Components
Data View Use Case View SOAs Information View
Process View Deployment View Processes Platforms
Copyright © 2005, ZapThink, LLC
SOA Enablement…
• Provide and enforce the SOA layer of abstraction
• Combine fine-grained APIs into coarse-grained business Services
• Mask complexity of underlying technology: message protocols, adapters, APIs, etc.
• Handle quality of service, scalability, etc. “behind the scenes”
Copyright © 2005, ZapThink, LLC
22 Important Points: Managing Services
• You need management when you offer your first “mission critical” Web Service (don’t wait!)
• Management is critical for building and running enterprise-class SOAs
• The Service-Oriented Management space is still in flux
Copyright © 2005, ZapThink, LLC
Enterprise Governance: Managing the People part of SOA
• Governance: the new business mandate – Establish and communicate policies that employees must follow – Give employees the tools they need to be compliant with those policies – Provide visibility into the levels of compliance in the organization – Mitigate any deviations from established policy • SOA-enabled Governance: – Policy management • SOA configured & controlled via metadata, including policy – Visibility • Services abstract heterogeneous data sources, providing necessary business intelligence – Flexibility • Ability to build Services that address compliance issues and adjust them as regulationsCopyright © 2005, or ZapThink, business LLC needs change
23 Mandatory, Urgent, & Non-Negotiable
Return On Investment
Risk Of Incarceration
Copyright © 2005, ZapThink, LLC
24