My Notes - SOA for Dummies Part 10

PART III Sustenance

All about other aspects of SOA like governance, security

Chapter 11: SOA Governance

-          SOA governance has clear impact on IT governance of the organisation.  IT governance is about managing IT of an individual department and managing IT across departments.

-          From implementation perspective SOA governance is a combination of policy, process and metadata of the component

-          SOA governance is more about how business units interacts involving SOA services, people in order to achieve business goals.

-          IT governance is about building business services where rules and process are correctly implemented; this is more targeted towards the reuse of services organization wide.

-          It is hard to convert or codify business requirements into services, and that’s about IT governance is.  These requirements are implemented by SOA services.  This is a how IT and SOA are related. 

-          As requirements keep changing, business processes and rules keep on updating, and so the IT governance is.  As SOA is an implementation of this IT governance, it has to accommodate all such change i.e. to remain dynamic.

-          SOA governance steps – organisation wide

o   Setup a board – to verify the business processes are followed correctly

o   Setup implementation standards across the board e.g. common technologies

o   Setup IT SOA governance Best practices – towards reuse of services across organisation, like service names, impact analysis, remedy action standards

o   Monitor the life-cycle services – bread-butter services for organisation, make it fail-safe and performance improvement

-          IT of an organisation expects from SOA

o   Modular design, standardization of webservice interfaces

o   Dependent webservices, reliable access, verification of quality and integrity of service and security

o   Track and report on results and service improvement

o   Well documented process on how regulations followed by services

-          Focus and object of SOA governance is:  to identify the services business needs and to conduct predictable and accurate those services. Also to maintain quality of service. 

-          Without SOA governance, SOA will not be trusted as a business computing model.

My Notes - SOA for Dummies Part 9

Chapter 10: The SOA supervisor

-           SOA is all about plumbing legacy applications and IT (Connecting business and IT).

-          Plumbing service:

o   Availability for life and death services for an organization

o   Response times and customer satisfaction

o   Business service mgmt

§  Monitoring service level

§  Identify faults and failures

§  Fault mgmt

§  Automate provisioning / remedial action

§  Performance modelling and optimization

§  Reporting

      

               The SOA Supervisor

o   SOA supervisor can also have Service Level Agreement Monitoring, which just monitors all good and happening as per deal.   SLA monitoring connected to adapters in order to monitor. If any bad is reported SLA monitoring informs SOA supervisor to take care by remedial action.

o   However this is solution is still not implemented all SOA and it’s ideal to have in your SOA implementation.

My Notes - SOA for Dummies Part 8

Chapter 9: The Enterprise Service Bus

As  evolved from Enterprise Application Integration (EAI), ESB ensures the different components / applications work together dynamically.

-          Broad level functions

o   Messaging service – transporting messages, reliable communications

o   Management services – apply and monitor service level and own performance rules, handling messages priorities, apply global business rules.

o   Interface service – validates messages against the schema

o   Mediation service – sends and converts messages between 2 connecting apps.  This can be part of SOA Service Broker.

o   Metadata Service – transforms data as per source and destinations apps. E.g. definition of Customer can be different for each connecting app.  ESB handles it either by storing that definition locally using light-weight registry or external registry.

o   Security, encryption for communication.  Authentication, authorization, privacy, data integrity, audit are goals of security.  ESB doesn’t implement any security, however facilitates pluggable security.  It is a type of mediation service. SOA Service Broker has this responsibility.

-          Core services ESB offers is messaging and management service, all other service can be duplicated, like interface service, which can be offered by other SOA layers.  As ESB is more generic and needs to stand on its own, so the duplication.

Types of messaging

-         

            Point-to-point – No response expected, message just sent

-          Point-to-point request/response – Transaction not complete until response is received by sender

-          Broadcast – Broadcasts messages to multiple receivers, no response expected

-          Broadcast request/response – only difference from above is that, transaction isn’t complete until all responses received for requests sent.

-          Publish/subscribe – Messages received by those who subscribe to receive the messages published at agreed place.               

-          Store/forward – if recipient doesn’t get sent messages, this type will store messages and forwards once receiver becomes online.

-          Runtime ESB - ESB doesn’t run as an island. It keeps things loose and increases reliability and predictability for connection services.

My Notes - SOA for Dummies Part 7

Chapter 8: The Registry and the Broker

-          SOA Registry key functionality

o   Publish webservices and enable their discovery

o   Collect and maintain metadata about webservices

o   Govern webservice usage

-          What is metadata

o   Data to describe the webservices

o   Business rules

o   Rules used to access those WS.

-          Brokering Services

o   It’s about finding services and connecting consumer service and producer service as per the rules specified policy engine (visualize as a component of the registry) to invoke target service.

o   In order to achieve this, services must be published to registry.

-          Registry – what’s inside?

o   Webservices component description – Rules about the service itself, follows UDDI standard

o   Legacy component description – if webservice is a legacy service, rules that govern to invoke such service

o   Business process definition – Holds a map of complete business process in order to orchestrate the services invocation in a given business process.   It’s broader than just webservices.

o   Business process rules – Rules that applies business process wide, like security it is another webservice component in itself.

o   Performance rules – what are the performance requirements in order to invoke the service at the outset.  ( SOA supervisor does same at runtime)

o   Governance rules – to handle change management of contents of registry like webservices rules

-          Service Broker – What it does? – It works with Service Registry and connects all services needed and uses information stored in registry to invoke the business process.    So how it does this?

• When application is requested, broker gets notification.
  
•    Consults registry, what needs to be done and whether it can be invoked at this time.
• Broker checks

• All components are working and if not it starts them.
• Interfaces between components and what information those interfaces need to know, as all adapters get connected to execute requested business process.
• If any rules associated with the connection between components (or adapters).  So components get them from Rules Engine associated with registry.
• Based on rules if required, broker checks and gets the connection with other components.

        

My Notes - SOA for Dummies Part 6

Chapter 7: Dealing with Adapters

-          Why they are important?  How they came into existence? 

-          But you should have one if you have an application or business process that gets called by webservice.  It’s done in registry and the changes to actual implementation are transparent to adapters.  

-          These days many vendor softwares like SAP or BPM softwares comes with ready adapters or can build while you are constructing your business process.  At a technical level to write an adapter you need a source code of actual implementation which executes the resultant functionality, so that you are customize how adapter communicates with outer world.

My Notes - SOA for Dummies Part 5

Wednesday, 18 February 2009

Chapter 6: Xplicating XML

Here author talks about XML and how different forms of XML used in the SOA.   These forms include XML for actual data, XSD for metadata, WSDL for webservice description, SOAP for message transport.  

My Notes - SOA for Dummies Part 4

Chapter 5: Loose coupling and Federation

Loose Coupling

-          Old applications were tightly coupled and were executed and maintained as huge chunk of code, which is hard to maintain and change.

-          Loosely coupled applications are independent of each other in terms of execution, so can be replaced without affecting others.

-          Such loosely coupled applications can be tightly coupled by themselves, that tight coupling is among the subcomponents it has.

-          Other advantages can be

o   Create new applications easily by assembling such discrete services/applications

o   Create secured business applications quickly, as security can be another independent service itself which can be hooked with other services.

o   Isolate problems easily, to locate failures, easy to test.

o   Such services can be reused and can be sold separately to other applications

Licensing

-          Licensing has been changed to one perpetual license to subscription based, for services used.  SOA services can be licensed in similar fashion.  Different applications/domains have different ways to do it.

-          How licensing and charging such services be different? Like some financial services can be charged per transaction.

Federation

-          It’s about governing policies,

-          Services has some set of policies which are used application / companywide (imagine federal government) and these policies can have local flavour per each department, which is more domain specific for the environment in which those services will operate (imagine state government). 

-          So Federation is used to solve integration issues.  In other words changing global policies to suit local needs, so that integration can be easy.

SOA and Federation

-          Federation is implemented using SOA registries, where application-wide or global policies are in SOA registry, which is treated as parent registry by other domain specific registries.

-          Every domain (or department) will have its individual registry which inherits from global policies and also includes domain specific policy.

-          Security can be one of the global policies.

-          Domain is defined by SOA registry and SOA broker.  And other SOA components can be shared across domains.