Professional Documents
Culture Documents
Contents
1. Introduction [This content is currently in development.]................................................4
2. Case Study Background .....................................................................................................5
2.1 Company Background ..............................................................................................5
2.2 System Landscape .....................................................................................................6
2.3 Integration Spaghetti ..............................................................................................10
2.4 Business / IT Partnership .......................................................................................10
3. SOA Fundamentals ...........................................................................................................13
Introduction...................................................................................................................13
3.1 SOA Overview .........................................................................................................14
3.2 Components of a Next Generation Service Oriented Enterprise........................26
3.3 Supporting the Service Lifecycle ...........................................................................31
4. SOA The First 10 Years .................................................................................................45
4.1 History of Service-Oriented Architecture .............................................................45
4.2 State of Technology .................................................................................................47
4.3 Methodology ............................................................................................................54
4.4 Industry Penetration...............................................................................................60
5. Next Generation SOA Technologies.................................................................................64
5.1 Service Implementation with Service Component Architecture (SCA) .............64
5.2 Technology Independent Data Access through Service Data Objects (SDO).....69
5.3 Composition Technologies for Task Services ........................................................72
5.4 Model Driven Software Design (MDSD) and ESB for Standardized Contracts75
5.5 Orchestration Technologies for Automated Processes .........................................78
5.6 Next Generation Business Process Management System (BPMS)......................81
5.7 Service Oriented Business Intelligence..................................................................86
5.8 Master Data Management......................................................................................88
5.9 Event-Driven SOA ..................................................................................................93
5.10 Enterprise Portal.................................................................................................102
5.11 Mobile Computing ..............................................................................................108
5.12 Agent-driven SOA for Awareness and Smartness ............................................ 111
5.13 Semantic SOA for Automation and Dynamism................................................ 112
5.14 Service Virtualization for Simpler Service Plug & Play .................................. 114
5.15 Web APIs.............................................................................................................. 115
6. Next Generation SOA Practices..................................................................................... 119
6.1 Next Generation SOA Principles ......................................................................... 119
6.2 Next Generation SOA Design Patterns ...............................................................147
6.3 Technology Direction ............................................................................................160
7. Next Generation Service-Oriented IT Enterprise ........................................................173
Introduction.................................................................................................................173
7.1 Building a Next Generation SOA Infrastructure ...............................................174
7.2 Next Generation SOA as a Strategic Business Asset ..........................................179
2
After taking inventory, the lead architect and his team analyzed the existing
RYLC system landscape for possible problems and ways to facilitate rapid
implementation of the business strategy described above. The main results of
the analysis are presented below:
The system landscape consists of many legacy applications with a wealth of
uncontrolled connections to the neighboring systems (batch).
The potential for automating workflows and processes cannot be exploited
because of multiple interfaces and protocols as well as inadequate system
integration capabilities.
100% online processing is impossible due to the asynchronous integration
usually via nightly batch runs.
Security is often only implemented within the individual systems and can
only be granted by the IT department. No comprehensive SSO capabilities
exist.
Data is stored at different locations and, in some cases, duplicated. Data
quality differs widely from application to application.
The process that defines access to the customer data is poorly standardized.
It largely exists in the employees heads and in the variety of isolated
applications. Little automation exists.
The aforementioned problems are not new to RYLC. The management has
been trying to overcome them for years. To be able to calculate customer
trends and extract data from the different systems, a data warehouse was
introduced. To improve data quality, a team of students was employed to
manually perform maintenance operations.
However, these measures did not solve the problems facing RYLC, as they
only addressed the symptoms, not the causes. The architecture continued to
prove too inflexible. As a result, about a year ago, the CIO decided to introduce
an integration engine, which was intended to solve existing problems and
some of the integration challenges.
2.3 Integration Spaghetti
The newly acquired integration platform contained a number of key
capabilities that RYLC wanted to leverage, most importantly Enterprise
Service Bus (ESB) and a Business Process Management (BPM) engine. The
ESB contained all the integration capabilities necessary to glue RYLC systems
together. The BPM engine was intended to be used for automating long
running and human-facing processes.
The integration between the car rental application and the CRM system was
implemented using the integration solution as part of a proof of concept. The
rental and sales processes were automated via the BPM engine. The
integration between the automated processes and applications was achieved
via web service adapters. Using a legacy adapter provided by the integration
engine, different functions of the CRM system were orchestrated and accessed
directly. The necessary transformation logic for the data mapping between
different systems was stored directly in the integration definitions.
This approach led to business process logic and integration logic being
interwoven within the BPM automated processes. As a result, the
implemented business processes and their sub-processes were almost
impossible to reuse.
2.4 Business / IT Partnership
Tight coupling between process and integration logic did not support RYLC
goals of growth through acquisitions or faster speed to market. The need to
integrate systems or deliver new functionality quickly could not be achieved in
this situation. Efficiency is difficult to achieve when processes and systems are
10
11
To achieve this, the rental application needs to provide the rental process
or its sub-processes a service that can be accessed via the Web. Additional
user and rights management capabilities are required to allow customers
to access this process directly. In addition, a new, channel-specific user
interface could be developed to be used by both internal employees and
customers. This user interface could also be utilized if additional sales
offices had to be served as a result of an acquisition.
12
3. SOA Fundamentals
Introduction
Implementing next generation SOA will fundamentally change the way that
organizations use IT to support their business activities. Many individuals
within each organization will define their activities in terms of services,
though the term service itself will have subtly a different meaning depending
on the context in which it is being used:
To a business executive or business professional, a service corresponds to a
capability or necessary business activity performed either by the organization
itself or a business partner. High-level examples of such business services
include accounting, human resources, or marketing. Business users want the
maximum quality and flexibility of such services at minimum overall cost.
To a business analyst, services represent an elegant and complete way of
modeling the details of how any organization functions. Large-scale business
services, such as those described above, can be broken down into a succession
of smaller subsidiary services representing processes, sub-processes etc, and
decomposed eventually into a number of relatively simple services
representing leaf level business tasks. Many of the services representing
processes, sub-processes and tasks are repeatedly used across multiple
business activities.
To an IT professional, services provide a series of highly
structured contracts that define the interfaces of IT systems that support the
business. Service contracts provide details as to what each service does, how
to use it, what the inputs and outputs are, any error conditions that might
occur, and details of performance, security and availability.
Note
It is a common misconception to equate services with Web Services. Web
Services is an important technology used to implement many services, but
there are alternative service implementation technologies, such as DDS and
REST.
13
14
The business development plan determines the priority in which the services
in the abstract service model will be realized as physical IT assets. Once these
services become operational, monitoring their individual usage can provide
real-time insight into the vitality enterprises operations, and the degree to
which it is meeting its business targets.
The organizational model helps define the requestors and providers of each
service. Services with many requestors should be given a high development
priority.
The business object domain(BOD) model, which defines the business entities,
maps them to a set of business domains and defines a set of relationships
between business entities, is used to define the inputs and outputs of each
service. Enterprises that use a standard industry model have a huge advantage
when it comes to interoperability with customers, suppliers, and the process
of performing business mergers and acquisitions.
Figure 3.1. Inputs to the Service Model
16
17
18
19
To enable this, SOA adds eight additional architectural principles. The formal
definitions of these are listed below, with explanatory notes in braces:
Standardized Service Contract Services within the same service inventory
are in compliance with the same contract design standards (e.g. they are based
on a single consistent business model).
Service Loose Coupling Service contracts impose low consumer coupling
requirements and are themselves decoupled from their surrounding
environment (i.e. their use is independent of the technology platforms of
either the service consumer or service provider, allowing, for example, .Net
clients to use services implemented in Java and vice versa)
Service Abstraction Service contracts only contain essential information
and information about services is limited to what is published in service
contracts (the service contract contracts does notdefine any details of how the
service will be implemented giving the IT department the ability to change
the technical implementation of the service in the future, provided they can
still honor its contractual terms).
Service Reusability - Services contain and express agnostic logic and can be
positioned as reusable enterprises resources (i.e. services do not represent
tasks that have to be executed in a specific sequence, and each service can be
executed as a completely separate unit of work. This both simplifies their use,
and enables the service provider to deploy multiple separate physical
instances of a service within their network).
Service Statelessness Services minimize resource consumption by
deferring the management of state information when necessary.
Service Discoverability Services are supplemented with communicative
meta data by which they can be effectively discovered and interpreted (so that,
for example, a new user can locate, bind to, and execute any service that they
are authorized to use, without being explicit enabling action from the service
provider. This enables dynamic runtime discovery and execution of services).
Service Composability Services are effective composition participants,
regardless of the size and complexity of the composition (i.e. in order to
perform the desired action, a service may invoke any other service or services
it chooses)
20
Note
these are described in detail in the book SOA Principles of Service Design
In a service-oriented approach, service requestors and service providers
interact using a standardized set of service interfaces. Service requestors and
service providers can be individuals, applications, automated or manual
processes, or other service requestors or providers.
This approach provides superior levels of intercommunication between
business professionals, applications, business units, and business partners
that can help improve the organizations overall flexibility and business agility.
Application packages still exist in the service-oriented IT model and remain an
appropriate primary tool for clerical tasks and specialized activities such as
word processing; functionality from some applications may also be exposed
through service interfaces, to make it more generally accessible.
Compared with an application-centric approach:
Services provide much more flexibility in how technology supports business
processes
Services provide much more modular access to IT functionality
Services provide any-to-any connectivity between requestors and providers;
any service provider may also make requests to other service providers to
fulfill the terms of its contract.
The SOA infrastructure implements a layered architecture that handles
security, monitoring of delivery quality and routing of requests to the most
appropriate provider resource
Services should use a consistent information model to represent any
business entity involved in their execution. If an application package or
database acting as specific service provider uses a different format for one or
more business entities, a component within the SOA infrastructure called
the Enterprise Service Bus or ESB handles most data transformation, making
the process completely transparent to the service requestor.
Unlike applications that require their end users to establish some form of a
session, the majority of services are transactional. The ESB routes each service
21
Figure 3.3 above shows how SOA takes a more layered approach to its
technical architecture. Note especially the symmetry between the set of service
requestors on the left and the set of service providers on the, right,
demonstrating the way SOA provides any-to-any connectivity.
22
24
25
26
and tasks. Conceptual services in the service model should document any
business entities are involved in their execution.
The Service Inventory contains the set of services from the service model
that have been physically realized as IT assets, either purchased commercially,
developed internally, or provided by third parties. The service inventory is a
subset of the service portfolio, which includes services that are planned to be
developed, and services that have been retired or re-versioned as well as
operational services. The sequence for adding candidate services to the service
inventory should be determined by a combination of their business value,
implementation cost, and reusability across the enterprise and its business
partners.
Software Components to Support SOA
SOA is maturing rapidly, and many commercial software packages, both
closed and open source, exist to support the development, testing and
operation of services. Figure 3.4 below shows a simplified view of a typical
SOA environment. SOA implements a tiered architecture, where the three
tiers
are
the client tier,
the middle tier,
and
the Enterprise
InformationSystems Tier.
The client tier contains the service requestors, the Enterprise Integration
Systems tier contains major business applications and databases, while the
middle tier contains the code to route and transform messages, manipulate
data, and coordinate and monitor service execution. The business logic for a
service may reside in either the middle tier or the EIS tier, depending on the
nature of the service requestor.
Fig. 3.5. A Typical SOA Environment Implements a 3-tier
Architecture
27
28
30
31
Monitoring and reporting service usage, status, and the current overall
impact on business profitability, flexibility and agility
Note
SOA Governance is covered in detail in the book SOA Governance in this
series
Initial Preparation
The end goal of next generation SOA is to ensure the success of the enterprise
by integrating IT infrastructure, SOA, IT and corporate governance,
automated and manual business processes and software assets to provide the
best possible support for its business goals and objectives.
This integrated approach needs to be constructed on top of firm foundations.
These include:
Effective corporate and IT governance: Its difficult to implement SOA
governance succesfully unless there is an established base of governance, both
at a corporate and IT level. This would include the existence of a formal set of
corporate policies, rules and regulations that control working practices, a
clearly defined set of responsibilities, authorization levels and permissions,
together with an organizational structure, such as a Program Office, to enforce
them and to allow exceptions to the rules in rare cases when it is absolutely
necessary.
As well as having its own set of well-defined roles and responsibilities,
IT governance should include policies that determine how projects will
be prioritized and funded, how systems and end users should be
supported, and how capacity should be managed.
An Existing Architectural Approach to IT: Its virtually
impossible to impliment SOA succesfully unless the enterprise is
already committed to taking an architectural approach to IT.
Evidence for such an approach includes the existence of:
Architectural standards that define the enterprises authorized
list of applicable technology and techniques. These should be more
open than vendor-dependent standards.
Architectural Principles to which new IT systems or solutions
must conform
33
34
the heat map priority capabilities, then decomposing them progresssively into
a set of services representing sub-pocesses, sub-process, tasks and so on...
The set of candidate services derived from this approach is likely to grow
rapidly, and few enterprises are likely to have sufficient resources to rapidly
implement all of them, so it is vital to prioritize their development. The first
services to be developed or purchased should be those that:
Have high business benefit, and
Have low development or purchase cost, and
Are reusable across multiple business units
In the first instance, when requirements analysis is incomplete and design has
not even started, such an assessment will be mainly subjective, but it should
be possible to triage the list of candidate services to a more manageable set
small enough that their requirements can be analyzed in more detail.
A key aspect of SOA is to create reusable services that support the whole
enterprise, rather than build functional silosspecific to each business
operating unit. While it would be unreasonable to expect to identify and
satisfy the needs of all potential users for each candidate service, competent
business analysts should be able to identify many of the instances where
separate business units share a common functional need that could be
implemented as a shared service.
The end product of the service discovery and analysis phase should be a set of
prioritized candidate services, each of which has a detailed set of requirements,
a definition of who should be authorized to utilize it, plus any modifications it
requires to the standard set of SLAs. Good SOA governance requires a formal
review at this stage.
The Service Design Phase
The principal software toolsthat support this activity are the service
registry/repository and business process modeling tools. Typically, this phase
is split into two segments, high-level design and detailed design:
High-level design involves activities such as deciding on the optimum
technology to create the service, what standards it should embrace, and which
35
design patterns should be used to construct it. Design patterns represent tried
and tested approaches for solving specific types of business or technical
problem; see the book SOA Design Patterns for more detail on this topic.
At this stage, a decision should be made on whether it is feasible to
continue with realizing the service provider, and, if so, how it will be
sourced. Options include: purchasing from a commercial vendor,
constructing it using existing modules or creating it from scratch.
Next generation SOA provides a wealth of possible technology
platforms for creating and deploying services, including:
Web services, DDS and REST for simple transactional services
Business Process Management and business rules engines for
business process automation
Automated event management to respond to business-related or
systems management events
The ability to move some or all responsibility for service execution
to or from the cloud
The outline design should be assessed to determine whether the service
is likely to be capable of meeting the performance targets contained
within its SLAs.
The high-level design should also specify how security, monitoring and
systems management will be performed for the service.
Detailed Design involves defining the business logic for the service, and
specifying what, if, any data transforms are needed to convert between the
format used by the service provider and the format defined by the
informationmodel.
It is appropriate at this stage to create a detailed test plan and a set of
test data for the service to be used during service development to
confirm the validity and performance of the service as it is being
developed. The complete set of error messages that the service might
return should also be defined at this stage.
Formal SOA governance reviews should confirm that these two steps have
been completed succesfully before the service is passed to the developers.
The Service Development Phase
36
This is the phase where the actual service is constructed and unit tested. The
development approach for each service will depend on the technology selected
for its implementation. In virtually all cases, the quality and consistency of
code development can be improved, and associated development costs
reduced by using commercial System/Service Development Kits or SDKs that
automate the development process, as well as the service registry/repository
and code repository tools shown in Fig. 3.6 above.
Virtually all these SDKs adopt a model-driven approach, where the designer
or developer works with a visual model of the service artifact, progressively
refining it to the point where the physical source code can be generated
automatically.
For some service technologies, for example Web Services created in Java ,
some further physical programming may be required to add business logic to
the generated code, but in many other cases, the complete source code for the
service can be generated directly from a model. Fully functional BPEL, a
language in which executable business processes are written, forexample, can
be directly generated from a process model, BPMN, or a business process
modeling tool.
Functional unit testing is an integral part of service development. A good
practice is to implement code walkthroughs where the physical code for each
service is peer reviewed. This process helps to spot deviations from the
required standards or design patterns, helps ensure a consistency of coding
standards and approach, and also acts as a means for mentoring the more
junior developers.
Service Testing Phase
In this phase, services are subject a rigorous suite of functional and
performance tests to determine all aspects of service quality. The enterprise
needs to establish separate physical environments for functional and
performance testing that emulate a real production environment. If the
service fails any test, it is returned to the developer for rework, and, once that
is completed, the service should again be subject regression testing i.e.
re-applying the complete battery of tests to ensure its integrity.
Many commercial tools are available to help automate service testing; these
are especially useful for regression testing.
37
The final test in the series is an acceptance test, where the IT operations group
confirms that the service is not only functionally correct and meets its
performance SLAs, but that it can be systems managed and monitored in a
production-like environment.
Service Deployment Phase
The physical deployment process of a service depends on its development
technology and the physical environment in which it will execute. The
objective of service deployment is to ensure that no service is deployed to
production that might damage either the production environment or the
reputation of the service developers.
In a deployment phase, a collection of related services, known as a
deployment unit, is moved into an environment that emulates the production
environment in all respects, where it is subject to simulated traffic. This test is
to check for memory leaks (modules that acquire computer memory resources
but fail to release them once they complete) that could cause problems over an
extended period. This simulated operational period is sometimes known as
soak.
Once a service or deployment unit passes the soak test, there should be a
formal SOA governance certification review, to confirm that the service is redy
in all respects for accredited requestors to begin using it.
Service Operational Phase
This is the working phase of the services life. Every time a service is executed,
an audit trail should be kept to record:
The service requestor
Which service provider handled the request
The date and time
How long the service took to execute
Whether the service completed normally or returned an error code
The physical details of how this information is recorded depend on the service
technology and the production environment. For example, monitoring of Web
38
39
RYLC first created a business heat map to help create a consensus on the
priority business issues:
Fig. 3.7. RYLCs heat map established their principal business
priorities.
The highest priority area was customer relations, which urgently needed
improving since it was adversely affecting profitability; joint second
priorities were vehicle maintenance (which was a contributor to the
customer relations issue) and the provision of a new Internet sales channel.
RYLC then began creating a conceptual service model of these priority areas.
Two high-level services were immediately identified:
A customer profile service that would provide a single point of contact
for accessing, updating or creating all stored information about each customer,
including vehicle preferences, home address, driving license and credit card
details
A vehicle profile service that would provide a similar service for each
vehicle, including vehicle history and information about when the vehicle is
due for servicing
For each of these services there would be associated operations to search for,
create or edit matching profiles. Both of these services would be highly
40
41
42
For the technically minded, this solution uses several of the patterns
described in the SOA Design Patterns book in this series, including:
The multi-channel endpoint design pattern which coordinates multiple
physical sources to provide a virtual service provider
The legacy wrapper pattern which hides legacy systems behind a structured
service faade
There were some technical issues in creating legacy wrappers for some of
the legacy systems, but the new cloud-based customer and vehicle profile
services became operational in around four months. They were an instant
success, and RYLC surveys showed a steady increase in customer
satisfaction and returning customers.
43
The design team for the new Internet rental channel was involved in the
details of the design of these two services, which also represented the
foundation for the development of the new RYLC customer website.
Summary of Key Points
Next Generation SOA represents a holistic approach for delivering IT
support to the enterprise in a manner that enhances its productivity, flexibility
and agility.
Next Generation SOA adds new technologies such as Business Process
Management, Business rule execution engines, SOA governance automation
and Cloud computing
Good governance practices should ensure that business needs analyzed and
prioritized to define the most cost effective order for service development and
deployment
To develop and deploy service most efficiently, enterprises should
implement a production line methodology that comprehensively governs and
supports and each service through its entire lifecycle from the original
conception, through a series of analyses, prioritization, contract and internal
design, testing, deployment and re-versioning or retirement.
44
45
46
47
A variety of other tools and technologies that are emerging now or are related
to emerging service orientation trends are covered in the subsequent chapters.
In this section, we will discuss only those technologies that have been well
established or widely recognized. It is important to note that most of SOA
vendors today offer an integrated technology stack that contains most, if not
all of these capabilities.
Enterprise Service Bus
The Enterprise Service Bus technology was the first player in the SOA market.
It generally evolved from the integration middleware. However, the ESB
vendors that exist today have taken different paths to establishing their
products. These approaches can be summarized as:
Building a product from scratch
Adding SOA capabilities to an existing integration platform
Adding integration and message routing capabilities to an application server
platform
Acquiring and building on other products
Many books and articles have been written about ESB capabilities, usage, and
benefits. We will not recap them here. However, to capture the current state of
the Enterprise Service Bus technology, it is worthwhile to understand where
the natural product evolution cycle is today.
ESBs remain the centerpiece of many service-oriented architecture
approaches. They are primarily used as real-time and asynchronous
communication hubs between various systems providing and consuming
shared services. Figure 4.2 contains a generalized depiction of an ESB
platform and its capabilities.
Figure 4.2. Enterprise Service Bus platforms provide a variety of
capabilities to their consumers.
48
49
Registry / Repository
The Registry / Repository (RegRep) platforms and their capabilities have
been covered in great detail in the Service-oriented Computing Series SOA
Governance book. It is, however, worth describing the history and current
state of the Registry technologies.
Registries first appeared around 2001 when Web Service standards were
introduced. The initial incarnation of this technology was the UDDI registry.
It enabled registration and discovery of web services, based on UDDI and
WSDL protocols. The functionality was generally limited to registering WSDLs
with the registry and allowing users to discover them at design- or run-time.
UDDI standards evolved over time, added some additional features, and
expanded beyond web services. Unfortunately, UDDI never became widely
adopted due to lack of key features supporting the SOA lifecycle and related
technology platforms.
This gave rise to the new breed of registry products that included capabilities
to store, manage, and publish service metadata, govern the lifecycle of these
services, and integrate with many elements of the SOA ecosystem. These
products became known as Registries/Repositories. Figure 4.3 represents the
current evolution of the Registry/Repository platform and its impact on the
SOA lifecycle.
Figure 4.3. A Registry/Repository platform plays a central role in
the SOA ecosystem and service lifecycle.
50
51
ability to record and play back the execution of these tests. Many concepts and
approaches were borrowed from unit and functional testing platforms.
Today, the SOA testing tools provide a complete quality and regression testing
capabilities for a variety of service interfaces. While these tools started with
purely Web Service testing capabilities, they evolved to encompass a much
wider array of protocols, messaging mechanisms, and interfaces. Many
products even offer load testing capabilities that can test how the existing test
cases perform under load.
Since testing plays an important role in the service lifecycle, many SOA
governance platforms and SOA testing tools integrate with each other. This
enables a much better cohesion between SOA governance mandates and
testing outcomes.
Case Study Example
As you recall, RYLC has identified three business processes to be
implemented by the IT as a priority to make it competitive again. They
included strengthening CRM integration with the rental process,
automation of the fleet maintenance process, and development of a new
sales process.
In order to establish the right foundation for this transformation, RYLC
decided to implement the following technologies:
A BPM engine for implementing the new processes that should no longer be
hardwired into the applications.
An ESB in order to address the pending integration scenarios and provide a
virtualization layer for services that are orchestrated by the BPM engine.
The use of a rule engine was classified as important in order to gain
flexibility with implementing frequently changing rules, but it was
scheduled for the next phase. No Registry / Repository, Business Activity
Monitoring (BAM) or event processing was included in the initial platform
rollout because no short-term benefits were expected.
Summary of Key Points
53
56
Information / data
Security / policies
Supporting technology / automation
All of these specific models and aspects of SOA Governance are described in
detail in the Service-oriented Computing Series SOA Governance book.
Therefore, we will not delve too deep into each of these categories. Instead, we
will recap the state of SOA Governance to establish a solid foundation for the
discussions later on in the book.
The primary goal of SOA Governance is to ensure proper delivery of shared
services. This is typically achieved through several means:
Governance processes
Checkpoints / gates
Integration with change and release management
In typical SOA Governance models, various processes are established to
ensure that both service consumers and providers know what steps they
should execute, when, and how. Many aspects of SOA Governance identified
above are managed through these processes. Since they have to integrate with
overarching IT governance and its processes, seamless integration between
the two is often sought.
SOA Governance checkpoints typically represent transition stages between
key steps within an SOA Governance process. They are needed to ensure that
the previous step or phase has been completed properly. There may be a
formal review of the produced deliverables, and a formal approval to proceed
may need to be granted. Typical SOA Governance checkpoints include:
Architecture board review
Design review
Code review
Pre-production validation / review
57
59
60
61
As you can see, SOA adoption potential depends largely on the industry, which,
in turn, drives how companies are structured and what technology solutions
they use. Despite the general patterns, some visionary or cutting edge
organizations will buck the trend and join an earlier group of adopters. The
SOA adoption potential, regardless of the industry, company size, or its
technology landscape, largely depends on several factors.
Visionary business and/or IT leaders
Strategic direction requiring significant efficiencies and agility on the
business and/or IT side
Competitive pressures
Market shrinkage or profit erosion
Similarly, inability of many companies to adopt or successfully implement
SOA programs hinges on several factors.
Culture
62
63
65
forbid mixing integration logic with database access logic in the same SCA
composite. SCA provides a language-neutral syntax using XML for configuring
and wiring disparate and distributed service components together to create
business-aware composites. One SCA composite may comprise of several
components that are wired together in order to provide coherent functionality.
Examples for component technologies can be:
ESB type of functionality for routing and data transformation
Executable BPMN 2.0 processes
Executable BPEL processes
Rules in a Rule Engine
Java
Java Spring Beans (EJBs are not an SCA component, yet the SCA spec
standardizes a binding)
Microsoft Windows Azure AppFabric
C++ or COBOL components
The standard SCA does not dictate that all specified implementation
technologies must be supported by an SCA-based middleware. In the specs
section about conformance and compliance, it is stated that, as a minimum, a
container must understand the assembly model, at least one of the sanctioned
implementation languages and the binding for web services.
An SCA composite is typically designed in a graphical editor. You can visually
configure the operations and channels of the service that the composite
exposes to its consumers as well as the references that provide the bindings to
external resources that the composite depends upon such as deeper level
services or adapters. That is, the implementation can utilize other providers
services hosted elsewhere. As an example, an SCA composite that is
categorized as a Task Service can call several SCA composites that are
categorized as Entity Services or Utility Services. An ESB can be used as an
intermediary to establish further decoupling. Through the SCA visual
67
framework, you can wire together the components needed for each operation,
for example a BPEL process and some supporting Java Spring Beans.
An implementation may also have one or more configurable properties. A
property is a data value that can be externally configured, and this activity
affects the business function of the implementation.
The SCA assembly layer captures the configuration of components and their
dependencies on other components services that have been created based on
the SCA programming model. SCA comes with a proven mechanism to build
coarse-grained components as assemblies of fine-grained components. SCA
offers a mechanism to package and deploy sets of closely related components
that are developed (the spec uses the word contributed) and deployed
together as a unit. It decouples service implementation and assembly from the
details of infrastructure capabilities.
Thus, SCA relieves programmers from the drudgery of traditional middleware
programming by abstracting it from business logic. It allows developers to
focus solely on writing business logic.
Case Study Example
The application landscape of the car rental company RYLC encompasses
two CRM systems due to historical reasons. A process analysis revealed that
during the car rental process customer data that comes from both systems
must be accessed. The architects found a solution in which a task service
provides a unified customer related interface for an executable BPMN 2.0
process and internally consolidates customer data from both CRM systems.
The internal details of the implementation are hidden from the consumers
of this task service. It could be two references to existing services, a BPEL
process or a technical adapter to a master data management solution that
integrates with both CRM systems. SCA is used as a composite container for
either implementation. The consumer of the task service only knows the
interface to access the appropriate customer data and does not need to
know where this data comes from and whether its implementation station
strategy has changed.
Summary of Key Points
SCA is a container concept that allows assembling and virtually embedding
pieces of functionality based on standard contracts
68
69
2. The service data object, which stores data not only in the form of a
hierarchical tree (e.g. employee address street), but also stores a
change summary documenting changes (e.g. a newly created street).
This is the approach taken with Service data objects (SDOs) as depicted
in Figure 5.2.
Figure 5.2. Service data object (graph including change summary)
Source:http://www.osoa.org/download/attachments/36/Java-SDO
-Spec-v2.1.0-FINAL.pdf
Impact on Architecture
If SDOs are used to transmit data between services, less data must be sent
upon changes. Only the change summary is sent rather than the entire object
or a large XML message.
SDOs can be used throughout the service categories (except for utility services)
Entity Services retrieve data from databases and expose it via SDOs that are
used by Task Services to assemble complex data types. SDOs will have an
impact on the structure of data Task Services will expose insofar as the
original structure of the entities will stay intact when assembled.
SDOs are not a silver bullet. They require all involved services to be working
through middleware that provides SDO support and a binding mechanism to
the underlying data store. Thus, there is a coupling involved that implies a
high price that must be weighed against the benefits of live objects on the
consumer side and performance gains through the reduced payload size.
Case Study Example
In the architecture of the RYLC systems, SDOs are used to access large-scale
business objects such as customer or car, but only small attribute chunks of
these business objects are really needed in a specific context. Entity services
for customer or car are taking care of all the attribute changes within the
entities they are managing. In many use cases, transferring the complete
object graph through the whole service chain would violate performance
SLAs. For these contexts, entity services provide representations of their
business objects as SDOs that manage transparently only the respective
change set and transfers it to their consumers. RYLC found this solution to
involve little implementation overhead and to provide excellent throughput
and performance characteristics.
Summary of Key Points
Service data objects (SDO) store and pass data in the form of hierarchical
trees and change summaries
SDOs can limit the amount of data being sent between service consumers
and providers
71
The application of SDO can replace old CRUD based SOA application
designs
Business services can work directly on their datasets without being
concerned about backend synchronization
5.3 Composition Technologies for Task Services
In todays SOA world, there are plenty of composition technologies that are
being used. This section discusses the best way to orchestrate and
choreograph task and other services.
Concepts
A service inventory consists of a task service layer and a basic service layer
that provides highly reusable utility services and entity services. Task services
expose functionality in their contract that are motivated by specific needs of
concrete business process activities or use cases. Internally they use the
services of the basic layer to assemble the data and functionality needed by the
consumer of the task service. The definition of that assembly line is called
composition. It defines the flow in which atomic basic services (their
operations) are invoked, their data gathered and a complex data structure that
fits the consumers specific needs is constructed.
Problem Being Addressed
A typical characteristic of currently SOA-labeled solution architecture is the
lack of a dedicated task service layer. Instead, you will find classic model view
control (MVC) architecture, where view and controller components are JEE
or .NET based. The model consists of Entity Services that access a database.
These Entity Services expose core business objects such as customer or
product. Yet, in the context of concrete use cases and process steps, we need
combined entities that group specific data from other entities (e.g. a customer
and its orders) and provide a use case specific view on this data. This logic
resides classically near the frontend, because here the use case specific bundle
of data is needed.
This architecture prohibits realization of the following potential associated
with Next Generation SOA:
72
The components that assemble data and functionality for concrete use cases
are not yet realized as Services. Thus, they do not allow reuse outside of this
concrete context.
Monitoring and the corresponding analysis of service behavior and
monitoring of SLAs through Business Intelligence are possible only through
great effort. Task Services ease this effort by acting as entry points and facades
for services that together support a process step or use case. It is easy to set up
gateways at these access points that capture BI relevant information.
Central error handling is harder to establish. Task Services consolidate
faults and translate them to standardized meaningful error messages that can
be forwarded to a central error handling system or process.
An important design decision is whether Task Services gather compound data
by accessing the database directly or via Entity Services. The indirection via
Entity Services has the drawback of potentially less efficient data access (if
service-to-service communication is not optimized) compared to retrieving
complex structures with optimized access technology such as stored
procedures. Establishing Entity Services as the single point of entry and
facades for data access has the following benefits:
Entity Services provide access to core business objects for a large number of
user scenarios and contexts when using a common data representation format.
Thus, they have the highest potential for reuse. If database access is embedded
in Task Services, this reuse potential is lost.
Databases exist in functional silos and represent a limited view to core
business objects. See section on Master Data Management for a more in-depth
discussion. Tight coupling between task services and a database stands in the
way of crossing the functional boundaries for data access.
Impact on Architecture
The composition in Task Services is realized as an external stateless
integration process that calls several services through a well-defined flow and
uses a data transformation to build a complex data type exposed at the
interface of the service. While such an implementation can hold state
internally, state should not be exposed to the consumer thus making calls
atomic.
73
74
Generated Contracts
To achieve this, it is crucial that Task Services behave like LEGO blocks that
are easy to plug in and interchange with one another. Together they form a set
of functional building blocks that can be used to create new process steps or
use cases. To achieve this, it is crucial that the contract of these task services is
based on domain wide standards. This is true for the user data portion of the
contract that should be based on the canonical data model as well the data
types specified in the meta-data used across all services. Such meta-data can
include business context, time stamps that indicate time and length of usage,
76
business fault types, technical fault types etc. If all these types are based on
heterogeneously structured XML types, the integration efforts needed to use a
service are unacceptably high and have the potential to jeopardize the
adoption of SOA.
Therefore, standardization of service contracts plays a key role in supporting
the cultural change of designing services in a top-down rather than bottom-up
fashion. One way to achieve this standardization is by establishing an SOA
Governance Program Office (SGPO), as described in the SOA Governance
chapter. Here, senior SOA architects create guidelines and quality gates.
The standard data types are stored in a centralized repository. SOA
governance mechanisms ensure that they are used in all the services, that is,
the services conform to the SOA guidelines. This type of governance implies
large manual efforts.
The approach above implies manual creation of service contracts, WSDLs, and
a process to review these contracts by the SOA governance team. In Next
Generation SOA, we will find model-based generators that create contracts
automatically and thus help to reduce programming and governance efforts
while increasing the level of standardization and automation.
Impact on Architecture
The data types contained in the service contracts are defined semantically in a
natural object model and are stored in a central repository. . These models
contain the entity definitions of the canonical data model as well as meta-data
that are part of all service contracts for a specific service category. Architects
typically develop WSDL generators based on these models.
The payload of individual service contracts is defined by service contract
designers based on the canonical data types who feed it into the generator.
The generator uses this payload definition and combines it with related
meta-data in order to create a standardized WSDL. This produces the service
interface specification as the final output.
At runtime, SOAP messages based on these contracts are exchanged between
service consumers and providers. In order to ensure standardization of the
SOAP headers, a centralized storage and management approach should also
be considered. This is necessary because these SOAP headers contain
information needed to assess critical service KPIs.
77
An ESB can be used to populate the correct SOAP headers at runtime. Because
ESB configuration can be setup once, developers responsible for exposing a
service do not need to be involved in this activity.
Summary of Key Points
Model Driven Software Design (MDSD) focuses on the model and generates
code
One of the most important characteristics of the Next Generation SOA is
standardization of service contracts
SOA Governance is critical in ensuring that services are designed in a
top-down rather than bottom-up fashion
The standard data types should be stored in a centralized repository
ESB is a critical piece in ensuring standards compliance and automating it
5.5 Orchestration Technologies for Automated Processes
Two of the technical goals that SOA supports are integration of heterogeneous
systems and enabling business driven process and application design,
primarily through process automation. Task services are the building blocks
for executable processes and front ends. They act as a facade for business logic
exposed as part of integration efforts.
In the task services section, we discussed the use of BPEL-based integration
processes that orchestrate entity services. In this section, we will look at
another type of automated processes, the ones encapsulating business process
flows. It is important that technical details are implemented as part of the
orchestrated task services instead of inside the executable business processes.
Several methods exist to describe Business Processes and complex
interactions between them. By far the most well-known is the Event-driven
Process Chain (EPC), developed in 1992 at the Institute for Information
Systems (IWI) at the University of Saarland. These process chains are part of a
larger method, the ARIS House.
At the core of EPCs are four elements, allowing the analyst to model events
(such as new order created), functions executed (review order conditions),
78
and gateways / rules (customer credit enough?) for decisions and resources
(such as organizations and systems).
While EPCs can be used to create high-level models (e.g. strategic objectives),
it is fairly resource intensive to model down to the executable business process.
The Business Process Modeling Notation (BPMN 2.0), on the other hand,
allows Business and IT resources to collaboratively develop a process that can
later be executed.
According to the OMG, the idea behind the Business Process Modeling
Notation can be described as: The primary goal of BPMN is to provide a
notation that is readily understandable by all business users, from the
business analysts that create the initial drafts of the processes, to the technical
developers responsible for implementing the technology that will perform
those processes, and finally, to the business people who will manage and
monitor those processes. Thus, BPMN creates a standardized bridge for the
gap between the business process design and process implementation.
(http://www.omg.org/cgi-bin/doc?dtc/10-06-04.pdf, Page 31, Paragraph 1).
While the first major incarnation of BPMN, Version 1.x, was solely created to
describe processes in a formalized method (focus on notation), the explicit
goal behind 2.0 was the ability to have a technical person implement the same
model, without transforming it first, e.g. into the Business Process Execution
Language (BPEL).
The enriched model (through the implementation perspective) containing
technical details (such as data associations, send task or receive message) is
directly deployable to a BPMN 2.0 compliant engine that can execute the
process graph natively.
The two major differences between WS-BPEL (formal OASIS name of the
specification) and BPMN are:
Semantic structure of the language. BPEL is forward-block-based, whereas
BPMN represents a directed graph. Hence, while a BPEL process can only
execute top to bottom (or side, on the same level), block after block, BPMN
can jump back and forth between tasks, modeled through transitions.
Though BPMN 2.0 incorporates many of the BPEL features in order to be
easily executable, it allows a business user to design a process without any
79
81
83
84
85
86
87
88
fragmentation of data across systems, data quality statistically goes down, and
day to day changes (e.g. attributes of a customer) become daunting IT tasks,
resulting in inconsistency all across.
The discipline of Master Data Management (MDM) cares about the creation
and maintenance of these basic data objects (entities) any organization needs
to conduct business (e.g. a customer). They are used upstream within business
processes (e.g. Order-to-Cash) to support the creation of transactional entities
(e.g. sales orders) that are responsible to create cash flow or products.
Transactional entities are characterized as ones that span functional
boundaries and change their state (e.g. received, confirmed, fulfilled and
billed) frequently throughout the lifecycle of a process.
Master data objects can be grouped into three functional clusters:
People
Business Partners (Suppliers, Customers), Patients, Employees
etc.
Products (Things)
Machines, Material, Contracts, Goods (e.g. Semi finished, Finished)
etc.
Locations
Plants, Addresses, Zip-codes, States, GIS-Coordinates etc.
In most companies, these objects are maintained independently of each other,
in different systems, but accuracy and their relationships become increasingly
important, especially in regulated businesses (e.g. Pharmaceuticals), where
stringent reporting requirements exist (e.g. within an intermediate batch,
which raw material came from which vendor).
In order to introduce master data management into an organization, three
dimensions need to be considered:
Data Definition
The definition of a golden standard record structure (entity definition), which
89
90
systems in order to get a central view of where the store of record for each
data element was.
Several vendor products are being considered to replace the home grown
approach. Once a specific vendor is selected, RYLC plans to migrate
management of each key entity to the new platform. A set of services would
be defined to expose the consumption and updating of each managed entity.
Summary of Key Points
Master Data Management strives to establish a clear relationship between
data and its store of record
Defining clear ownership of data and its structures is by far MDMs biggest
challenge
Without governance in place, a Master Data Management initiative will fail
Introducing a service centric approach to MDM is the ideal approach
5.9 Event-Driven SOA
Event-driven Architecture (EDA) has been touted as the solution for a lot of
enterprises problems dealing with non real time transactions. It is based on
the publish-subscribe concepts and heavily utilizes many of SOA approaches
and design patterns. Some consider EDA an asynchronous version of SOA.
However, as discussed in this section, it goes far beyond that.
Concepts
If we look at real companies and their business transactions, we see that the
real world operates on a much more event-oriented basis. Typical events are
the result of any state transition that can be a result of various activities such
as a new customer is created in the system, a car reservation is made, a car is
returned, a car has to go to the garage, etc. We can support all of these
functions with services and often with specified process chains. However,
complex business processes can rarely be automated in one piece, as the
real-life exceptions and dependencies of various business transactions are
highly dynamic. Thus, the concept of loosely coupled events and event
consumers in our architectural approaches becomes very helpful.
93
94
In simple event processing (SEP), only relevant events are placed in the
event channel for processing. For example, Car class XY is sold out or Stock
threshold not reached for winter tires. This is very similar to the
message-based systems. The processing logic evaluates the event type and
content and then reacts accordingly.
In event stream processing (ESP), in addition to the relevant events, usual
events are published in the event channel, e.g. generally all purchase orders,
RFID events etc. This places more stringent demands on event processing but
also permits more possibilities for analysis.
Lastly, complex event processing (CEP) deals with the concurrence of
different (simple) events in order to derive actions from these. The events in
the event channel can have different event types and occur over long periods.
The event correlation can be content-based, time-based or spatial. Therefore,
CEP is frequently used to detect anomalies, risks or opportunities in business
naturally with the aim of gaining advantages over traditional reporting
solutions on the basis of more up-to-date information and ultimately
beating the competitors.
The primary difference between different event processing types lies in how
they deal with events. ESP relates to the processing of streams, where an event
stream is a chronologically ordered sequence of events (e.g. a stock ticker).
Conversely, CEP works on event clouds. An event cloud is the result of many
event-generating activities from different parts of an IT system. An event
cloud could contain multiple streams. A stream is therefore a special case of a
cloud.
The acceptance of the chronological sequence within a stream has its
advantages processing is fast, as only a few events have to be stored in the
buffer. Conversely, in clouds, the dependencies are important what
dependent events have occurred or, even more significantly, what events may
have been omitted?
This illustrates that event stream processing is designed for high speed
processing (Figure 5.6), while the focus of CEP is on the extraction of
information from the event clouds. In practice, the differences between ESP
and CEP become blurred, so the more powerful CEP wins out.
Figure 5.6. Event stream processing
95
97
depends primarily on the employees and their experience and acute attention
span. Complex event processing engines can help with these tasks.
The discipline of complex event processing clearly differs from the traditional
queue- or database-based processing mechanisms. Caches are required that
permit complex correlations of very different events, including over extended
time horizons. This is also referred to as in-stream processing, which is
becoming increasingly important and can be seen in the emergence of
SQL-type, stream-based query languages. Rules engines also become an
important part of event processing, as they are typically used to define and
execute all the rules associated with event routing, processing, and
correlation.
Event Server Infrastructure
The Event Delivery Network (EDN) infrastructure necessary for event servers
can be realized through messaging infrastructures that are suitable for
transporting and routing the events. They provide the required quality of
service capabilities like reliable, transactional and secure delivery. This is
important since message ordering is not specified in EDA. The enhancements
needed for Enterprise SOA in comparisons to a classical Event Delivery
Network is the automatic event propagation across domains and distributed
clusters. An SOA-ready EDN needs to provide specialized adapters that
support
the
WS-Eventing
Specification
[W3-2009 http://www.w3.org/Submission/WS-Eventing/] for standardized
SOA event definition and connectivity.
To filter, aggregate and correlate events, complex event processing engines are
used. These engines process the events in a real-time streaming behavior
without taking account of off any previous delivered event. CEP Engines are
mostly integrated with an ESB or Process Engine via a service contract.
Two implementation aspects must be highlighted. Event servers should posses
the core properties of being lightweight and linearly scalable. The end users
are integrated via business activity monitoring (BAM), dashboards or separate
service or process calls. Figure 5.8 shows a typical infrastructure layout.
Figure 5.8. Event server infrastructure
99
A response is expected
A component should use EDA for an event publication if:
All recipients that may be interested in the event should be notified
It is not exactly known which and how many recipients are interested in the
event
It is not known how recipients respond to this event
Different recipients respond differently to the same event
Only one-way communication from the sender to the recipient is possible
In this respect, the popular equation 2 + 2 > 4 can be applied here, as the
total of the combination of both architectural styles is greater than the sum of
its parts. SOA carries communication patterns when executing predefined
processes and logic via a request-response mechanism. EDA applications use
the typical publisher/subscriber pattern and sometimes process large volumes
of events in order to generate a subset of new, actionable events.
SOA and EDA are complementary: together, they permit the creation of
on-demand applications with significant business benefits.
Case Study Example
The first consideration in applying EDA within RYLC was to SOA-enable
legacy systems. With little effort, COBOL based legacy CRM system could be
easily SOA enabled though the use of events. An XML-based event structure
would need to be created for each business transaction. Each event based on
this structure could then be posted to an accessible queuing system. The
Event Delivery Network would act as a consumer and deliver the events to
all listening SOA Services and BPMN Processes.
Within the RYLC Enterprise Portal, users have the capability to store their
own places of interest. This functionality is currently achieved by invoking
the backend COBOL APIs. This hook can be used to create an event and
send it to the EDN in parallel. An SOA-enabled BPM Process can be
registered to listen to the profile Change Event. After receiving the event,
SOA process engine would start and execute a new BPMN process called
Advertisement of new Mobile-Holidays.
101
In addition, EDA is also used for real time decision making. It is often the
case that more cars are returned to one location than another. To have a
more balanced delivery, the car check-in and check-out services can
generate an event that would send check-in and -out information to the
EDN. The CEP engine can pick up the produced events and create new
business events dependent on the specific business rule and additional
event streams like customer traveling close to the location. To deal with the
inventory imbalance issue, RYLC created a rule to create special
advertisements when more than 50% of the cars are delivered to a single
location.
Summary of Key Points
Real world largely operates on an event-oriented basis
There are three types of event processing simple, stream, and complex
Real -time processing of business events enables organizations to respond
faster to market conditions and customer demands
It is important that the event producer has no knowledge of event consumers
Enterprise service bus or messaging infrastructure is suitable for
transporting and routing the events
SOA and EDA are complementary, not incompatible architecture approaches
5.10 Enterprise Portal
Portals and portal technologies have been around for a while. Even though
they do not represent groundbreaking advances in technology or architecture,
the advent of SOA and BPM have had a significant impact on portals. Today,
portals are sophisticated mechanisms that are based on many next generation
technologies discussed throughout the chapter.
Concepts
A hierarchical end-to-end process chain can be decomposed to a fine-grained
level that contains process steps expressed as human executable tasks or
automated system interactions via task services. Enterprise Portals are
positioned at this level in the process chain.
102
103
104
Portal
The mere graphical aspects of the enterprise portal are gathered in the
component called Portal. A portal consists of portlets for the task list, user
entry forms and enhancements for Enterprise 2.0 Collaboration.
The Portal is a container for displaying Portlets or Gadgets that is based on
open standards such as JSR 286 (the follow-up to JSR 168), WRSP, HTML 5,
REST, EDA, etc.
Transactional Enterprise Websites
Until recently, a typical solution architecture consisted of JSR 168-based
portlets that were embedded into interactive HTML-based Web forms. With
the advent of modern technologies, such as JSR 286, AJAX, JSF 2.0 and
HTML5, Enterprise Portals became capable of supporting the requirements to
build interactive websites and forms that talk to each other via Inter-Portlet
communication. This allows the creation of pluggable pieces of graphical user
interfaces that can be embedded into existing portals. A good example of this
is a newly built highly interactive unified task list when one task is selected,
an existing portlet is shown to the user. The end goal of this is a front end
architecture that follows SOA principles and comprises of loosely coupled UI
components.
The increasing support for HTML5 features can dramatically change portal
architectures. HTML5 enables creation of a kind of rich client inside the
browser that resembles the look-and-feel and feature richness of classical fat
client based applications that interactively communicate with backend
systems and processes.
Social Networks Enabled Websites
Some type of process steps need close collaboration between a number of
participants in order to jointly and efficiently achieve a business goal. An
enterprise portal can benefit from Web 2.0 type of collaboration features that
enable it to interact with existing social networks such as Facebook and to
resemble corresponding social network features inside the enterprise.
OpenSocial(http://www.opensocial.org/) standard has emerged as a way to
communicate with a variety of social networks. Such standards as oAuth,
OpenID and SAML provide a unified mechanism to handle all security aspects.
Social Networks such as LinkedIn, MySpace and Facebook are themselves
105
built on these standards and thus easily integrate with Enterprise Portals built
on these technologies.
Monolithic Workflow Solutions
One alternative to Portlet-based Enterprise Portals are proprietary workflow
editors and engines that allow creation of monolithic Web applications. They
are tightly coupled to the data supporting the automated processes.
These applications often have a tight coupling between the modeled process
and the UI forms. These forms are often automatically generated based on
data structures defined in the process model. They rarely support the use of
data from external systems. The benefit of this type of a solution is that it can
rapidly create automated processes. However, its drawback is lack of support
for integration and reuse of existing front ends from heterogeneous
applications.
HumanTask Specification as an Enabler for a Loosely Coupled Frontend
Architecture
A modern enterprise system has the potential to reuse pieces of existing front
ends and to allow the creation of automated transactional and homogeneous
use cases. For this type of Enterprise Portal, a unified task handling
component
is
crucial.
The
HumanTask
OASIS
specification
[http://docs.oasis-open.org/bpel4people/ws-humantask-1.1-spec-cd-07.html]
was created specifically for this purpose.
HumanTask based task handling implementations provide a standard API
that allows consumers to access data and actions in the context of a process
that stopped to wait for a human interaction. Any portal or even existing
application can access process information from their frontends. This allows
for a seamless and unified user view of the currently running process.
The combination of task handling built on HumanTask and HTML 5-based
forms allows a much more efficient and user-friendly, holistic and feature-rich
expert system type of user interaction when compared to the isolated
workflow forms typical built on top of proprietary workflow engines. This can
establish the foundation for an Adaptive Case Management type of frontend
architecture.
REST in Portals
106
REST,
or
Representational
State
Transfer
[http://en.wikipedia.org/wiki/Representational_State_Transfer], provides an
elegant and interoperable alternative to SOAP-based service calls. REST
enables fine-grained and fast access to process information and data.
REST-based Portals work best in combination with other technologies such as
HTML5, JSON and OData.
JSON is a data format that allows transporting data from backend systems
into frontend forms. JSON is a lightweight and compressed alternative to
XML for bundling data. As in XML, data is structured in JSON. JSON is
translated into XML through a server-side component that resides near the
front-end. This is necessary in order to communicate with XML-based task
services.
OData is a protocol for the retrieval and transport of data structures.
Presentation Service Category
In order to create reusable graphical user interface components, portlets
should be treated similar to backend services. They should:
Be registered in a global enterprise repository
Have a contract that defines actions data and possible events
Have the unique address, ideally a REST URL
Have a well defined SLA
These types of services are called Presentation Services. They show the
following additional architectural characteristics, when compared to other
types of services:
The callback must be asynchronous through a defined endpoint that consists
of an address and context at the end of the dialogue. Synchronous calls are
only allowed to retrieve status or fine-grained context specific data.
At the end of the use case, the processing of the transaction is triggered via a
asynchronous task service.
The UI components do not trigger follow-up tasks themselves. Instead, a
process engine decides on the next business process step and executes it. If it
107
settings in the REST/HTTP protocol allow data caching and are thus tolerant
to offline mobile operation.
JSON is used in mobile scenarios within REST services for data exchange.
JSON is a lightweight data format and has benefits over XML in terms of
performance and flexibility. The new service layer that provides specific
features for mobile app interaction translates the canonical data model that
task and entity services expose to the mobile client format.
The services transmit requested data to the client, which may save it into the
local web storage of an HTML 5 browser. This allows the client to work offline.
Additional resources that are needed to optimize the presentation, such as
select lists or suggestions, are provided as REST services that communicate
with existing data sources.
REST based addressing mechanisms are based on unique URIs. This allows
embedding SOA service functionality (function and data) in any local app.
Thus, inside mobile apps, objects and functions from different services can be
combined to create desired features. Since REST does not encompass
standards for asynchronous interactions with the backend, HTML 5 based
mechanisms, such as Web Sockets for server push and addressing principles
of WS-Addressing, will be merged with REST. Similarly, security solutions will
stem from existing industry standards, since REST does not provide its own
security mechanisms. For authentication and single sign one, it is a good idea
to use OpenID (openid.net), which has an established base through a variety
of social web sites. OAuth (http://oauth.net/) can be used for authorization.
There are no REST specific encryption standards and new ones need to evolve.
Case Study Example
To generate more business, RYLC started a mobile strategy consisting of
three steps.
The first step included the possibility for the customer to rent a car either
via classical web interface or through a mobile device (e.g. smartphone
application). Customers would be able to order a car on the run, maybe with
premium features such as delivery to a specific location within 30 minutes.
Alternatively, as in use today, customers could use instant checkout via
self-service terminals instead of waiting to complete all the details at a
customer representatives counter.
110
Agents are extremely crucial for dynamic service discovery, binding and
composition. Composition can be intelligently achieved by deploying
specialized agents. The standard lifecycle of composition processes includes
lookup for selection, matching of compatible and conforming functionalities,
and making decisions on calling and using the identified services. Agents
contribute in fully automating these sub-processes. Many times, reactive / late
composition is imperative due to unpredictable and swinging business
momentum. New services are being constantly added into the global service
repository by individual developers, open source community, and even the IT
units of large corporations. The Internet is truly global, and hence keeping the
unique functionality of each service being added, advertised and articulated in
local / remote and private / public service inventories is a really tough job. All
this promotes dynamic service interaction and orchestration. Agents are
critical in achieving this goal. Variety of approaches and products exist that
guarantee the efficacy of software agents in fulfilling the seamless composition
of services at runtime.
Semantic technologies contribute immensely and immeasurably in ensuring
meaningful and dynamic composition of services. Agents can be empowered
to perform completely automated composition through the use of semantic
technologies. Service composition could be performed dynamically through
agent collaboration without predefining abstract plans. Agent technology
offers excellent mechanisms to formally express and utilize richer semantic
annotations. Human intervention, interpretation and instruction will all
benefit from the ensuing association between SOA and the agent concepts.
Summary of Key Points
A software agent is a piece of software that acts autonomously to perform
tasks on behalf of users
Agents are critical for dynamic service discovery, binding and composition
Semantic technologies play a big role in agent-based design
5.13 Semantic SOA for Automation and Dynamism
Semantic computing has been a dream for many architects. It enables
disparate systems to speak in the same language without necessarily
implementing standard message definitions. Semantic computing represents a
112
natural extension to SOA due to ubiquitous nature of SOA and its underlying
technologies.
Concepts
Attaching semantics to all kinds of IT resources (applications, components,
services, data, etc.) is gaining momentum. This is needed to empower them to
capture process and unambiguously understand users preferences, prevailing
situations, and impending needs in order to contact all the right services to
implement the identified requirements. In a nutshell, semantics-attached
resource modules and models are necessary for delegating more work to
scores of distinct and distributed automation devices. New technologies
enabling IT systems to determine the best action based on the specific context
or current state are starting to emerge. They bring a potential to significantly
shift the way IT systems are architected and implemented.
The semantic web facilitates building and deploying semantic services and
systems. It considers the web as a globally linked database where web pages,
applications, service components and agents are marked up with semantic
annotations in order to be machine-processable and understandable. These
annotations are assertions about the variety of web resources and their
properties expressed in the Resource Description Format (RDF). Along with
RDF, one can use RDF Schema to express classes, properties, ranges, and
documentation for resources and the OWL-S ontology to represent deeper
relationships and/or properties like equivalences, lists, and data types. With
the semantic web infrastructures in place, applications can be written that use
annotations and suitable inference engines that automatically discover,
corroborate, compose, and correlate services.
With faster adoption of SOA technologies and approaches, the relevance of
semantic methods becomes more important since present day services do not
have the intrinsic support for empowering machines themselves to make
context-sensitive and cognition-enabled decisions and actions. This hampers
dynamic invocation of applicable service operations. That is, the automated
discovery of the capability and fit of participating services for specific
occasions. The goal is to minimize human intervention, so that service
collaboration can happen in a systematic and task-driven way. Combining
semantic technologies with SOA could introduce complementary capabilities
that would advance SOA to the next level of maturity and productivity.
113
115
There is a variety of ways that web sites enable consumers to access their
content.
Web Services these are typical Web Services aimed at providing content
from its parent site or execution of business logic. They are primarily intended
to be used from inside the application logic. Examples include Google and
eBay API.
RESTful Services these are services designed to be called directly from
other web sites or mobile platforms. RESTful calls are faster and more
lightweight than SOAP calls and thus are better suited for these uses.
Examples include some of the Google APIs and Yahoo Search API.
JavaScript APIs these are APIs provided through JavaScript libraries
supplied by the target web sites. They enable developers to integrate these web
site contents and operations into their own sites. Examples include some of
the Google APIs and Facebook APIs.
There is, however, a new trend worth exploring further. Web-oriented APIs
are emerging as a new way to enable users to access content and functionality
of other web sites. These APIs leverage HTTP as a transport but pass
operation name and parameters through the URL and therefore are not
RESTful. Examples of web-oriented APIs include Flickr API and GoogleMap
API.
Impact on Architecture
Web-oriented APIs should be treated separately from typical services. Because
they represent a transactional HTTP request, existing approaches, patterns,
principles, and tools targeting typical services might not be appropriate. By
the same token, practices applicable to standard web-based transactional
operations are not suitable either because they primarily deal with
transactional web sites, not services.
Due to the web-based interaction paradigm, many of the same approaches and
practices should be applied to the web APIs as are used with any cloud-based
service. Fault tolerance, failover, privacy, security are just some of the
elements applications utilizing web APIs should address in their architecture.
Regardless of how web APIs are implemented and accessed, web sites relying
116
potential
latency,
unavailability,
or
linkages, and innovative applications. With the continued adoption of web API
management, API consumers will become better protected from unexpected
outages, spikes, and breaches. Web sites wishing to monetize their content
will have a viable platform and approach for doing so.
While standards for web APIs still do not exist, the future of programmable
web holds API registries that would enable potential consumers to discover
appropriate APIs, request access to them, and bind to the right interface at the
run time. API management vendors will integrate with these registries to not
only document and publish policy for each set of web APIs but also to manage
runtime aspects of API operations.
Summary of Key Points
Web APIs leverage HTTP as a transport but pass operation name and
parameters through the URL and therefore are not RESTful
A number of vendors are starting to offer web API management services
A cohesive collection of web APIs can establish a foundation for
programmable web
118
many more architectural constructs now fit under the SOA umbrella. These
new areas are covered extensively in the Next Generation SOA Technologies
chapter. To provide continuity from this content, lets highlight the most
relevant ones. The modern architectural elements that are important to
consider for all subsequent discussions in this chapter include:
Business Process Management (BPM)
Business Rules Engines (BRE)
Cloud Computing
Event Driven Architecture (EDA)
Complex Event Processing (CEP)
Web Oriented Architecture (WOA)
Service Oriented Business Intelligence (SOBI)
Grid Computing
Master Data Management (MDM)
As a result of adding these new architecture constructs to SOA, the core
service-orientation principles need to expand. This, however, does not mean
that the existing SOA principles become irrelevant or dont need to be
followed. On the contrary, adherence to them becomes much more important
as additional architectural concerns only dissipate the architects focus and
they become harder to enforce.
The core service-orientation principles are well documented in the
Service-oriented Computing SeriesSOA: Principles of Service Design book. To
recap, the following design principles are considered critical for SOA.
Service Contracts
Service Coupling
Service Abstraction
Service Reusability
120
Service Autonomy
Service Statelessness
Service Discoverability
Service Composability
In the subsequent sections we will discuss how the changes to the SOA
landscape and practices affect all the SOA principles.
Service Contracts
The Service Contracts principle guides all services to share a standardized
contract. It enables services and their consumers to communicate in a
pre-defined fashion. There are multiple levels, at which contracts are
standardized. They include:
Functional Service Expressions
Service Data Representation
Service Policies
These represent standard parts of the contract, thus enabling successful
communication between services and their providers.
When designing service contracts, several considerations need to be kept in
mind.
Data transformations
Granularity
Service models
This is where the impact of modern SOA practices is felt the most. While the
general idea behind the Service Contracts principle remains the same, how it
is applied demonstrates real differences. Thus, several extensions to the
Service Contracts principle are needed. They involve several areas of a service
contract:
121
122
123
The risks associated with the new extensions outlined above remain the same
as already documented.
Versioning: introducing faade contracts complicates the versioning
considerations to an extent. While the same logic needs to be applied as before
when considering whether to create a new version of the service or not, faade
contracts may or may not need to be versioned. Even though it is preferable
not to version faade contracts, it may be necessary under some circumstances.
On the other hand, however, service faade may provide a way to postpone
versioning until it is absolutely essential. By addressing specific consumer
needs through a faade contract, the standard contract may not need to
change at all.
Technology Dependencies: since services need to remain technology agnostic
and contracts independent of service endpoint or type, specific technologies
used to implement a service or its contract should not have any impact on its
execution or consumption.
Development Tool Deficiencies: even though the development tools have
evolved significantly since the early days of SOA, many of them still present
many challenges. Overreliance on development frameworks or
auto-generation tools can cause problems if they are not used carefully.
124
Overall, the Service Contracts principle is still very relevant and should be
widely adapted to make SOA program successful.
Service Coupling
The Service Coupling principle emphasizes loose coupling between services,
their internal implementations, and consumers. This SOA principle lies at the
core of service-orientation.
There are several coupling types that have been identified:
Service Contract
Logic-to-Contract Coupling
Contract-to-Logic Coupling
Contract-to-Technology Coupling
Contract-to-Implementation Coupling
Contract-to-Functional Coupling
Service Consumer
Consumer-to-Implementation Coupling
Consumer-to-Contract Coupling
Based on the modern state of service-orientation, existing coupling types can
be further extended. These extensions are necessary to further protect the
consumers from constant evolution in technology and architectural principles,
incorporate new patterns and architecture styles into contract definitions, and
ensure a more complete abstraction. These extensions can be summarized as
follows:
Contract-to-Logic Coupling avoid any coupling with the underlying
technology platforms, especially in those cases when these platforms are
SOA-enabled or make exposing services very easy
Contract-to-Technology Coupling avoid including any underlying
technology details into the contract, especially in situations when this is made
easy by the implementation platform
125
126
127
128
130
131
132
The nature of the Service Abstraction principle doesnt change drastically with
the evolution of the service-orientation and service-oriented practices.
However, the new technologies that now participate in the SOA
implementation present new challenges to the architects and developers.
Special attention needs to be paid to abstracting all of the service
implementation details and platform specifics. Some of the newer
technologies and practices make it easy to exploit shortcuts, which may lead to
lack of abstraction if not used with caution. Additional maturity in the modern
SOA practices and tooling is needed to minimize potential circumvention of
the Service Abstraction principle.
Service Reusability
The Service Reusability principle lies at the core of the service-orientation. It
attempts to maximize the reuse of existing services, thus striving to attain one
of the core SOA goals. This principle is not impacted with the introduction of
modern SOA practices and technologies. However, these new factors extend
the reuse boundaries, best practices, and key premises. Extensions can be
defined for the following areas:
Service Interface reusability can be increased if a service can expose
multiple interfaces and facades to better serve its consumers
Service Functionality services exposing well defined, independent
functionality can significantly increase their reusability
Table 6.4 defines the extensions of the Service Reusability principle, along
with associated risks and best practices.
Table 6.4. Extensions to the Service Reusability principle.
133
134
With the modern SOA landscape, the abundance of ways to invoke, expose,
and integrate existing services provides additional challenges and may, in
some cases, limit services reusability potential. Special attention should still
be paid to how the service is intended to be used and who its potential
consumers will be. Specific platforms, tools, or implementation techniques
should not impact services reusability in any way. The continually changing
and evolving technology space still provides challenges to services reuse
potential, but proper application of the Service Reusability principle should
limit the overall impact.
Service Autonomy
The Service Autonomy principle calls for the services to exercise a high level of
control over their underlying runtime execution environment. This also
135
136
137
138
139
140
141
touted benefit of Web Services and registries when they first came out, the
focus has primarily shifted to design-time discovery.
Modern technologies and practices do not introduce significant changes to the
Service Discoverability principle. However, due to greater emphasis on
design-time discovery, establishing a more comprehensive service metadata,
governing the entire service lifecycle, additional extensions are necessary.
They can be summarized as follows:
Run-time run-time discovery should be used only when circumstances
allow it and semantic meaning of all contract elements are clearly understood
Design-time all services should be discoverable at design time, and this
process should be controlled through the SOA governance practices
Table 6.7 details these extensions to the Service Discoverability principle
along with associated risks and best practices.
Table 6.7. Extensions to the Service Discoverability principle.
142
service
Standards use the most appropriate standards and avoid very new or
unproven ones
Table 6.8 details the extension to the Service Composability principle along
with associated risks and best practices.
Table 6.8. Extensions to the Service Composability principle.
144
145
Modern SOA platforms such as cloud, grid, or event processing do not have
significant impact on the Service Composability principle, as they primarily
deal with service implementation. Event processes, however, need to be
employed in orchestrations carefully, as they are typically used to notify their
subscribers of specific events that occurred.
In practice, BPM engines and ESBs with process management capabilities
have become de-facto standards for implementing orchestrations. The key
decision that typically needs to be made is what types of orchestrations,
compositions, and choreography is performed on which platform.
Summary of Key Points
Modern SOA technologies and practices have a fundamental impact on the
existing SOA principles, although the core principles remain intact
Most of the extensions to the SOA principles stem from the increased
complexity of the SOA solutions and approaches as a result of the modern
SOA technologies and practices
146
147
approaches
related
to
Business
Process
148
differences that should be kept in mind when dealing with rule services. They
are documented in Table 6.10.
Prior to discussing extension to design approaches related to business rules
management, it is important to note that related patterns have already been
identified.
Rules Centralization determines how business rules can be abstracted
and centrally governed
Canonical Schema examines how services can be designed to avoid data
model transformation
Decoupled Contract defines how a service can express its capabilities
independently of its implementation
It is also important to keep in mind that service contracts and interfaces
exposed from the business rules engines are often customizable. Thus, it is
possible to establish a service interface that complies with majority of SOA
best practices and design patterns. However, because these services are
managed and generated by a third party software package, they should be
treated distinctly from those built in-house.
Modern SOA approaches warrant the extension of the existing patterns. These
are detailed in Table 6.10.
Table 6.10. Design
Management.
approaches
related
to
Business
Rules
150
Due to its close relationship with BPM, rule services sometimes fall under the
same context. It is important to make a differentiation which category a
service falls under when designing or invoking it. It is also important to keep
each service separate from external influences in order not to compromise the
design.
Event Driven Architecture
Event Driven Architecture (EDA) is an extension of SOA specifically related to
processing and routing of asynchronous events. It is based on the concept of
posting events to a central processing facility and allowing it to make
decisions on how to route or process the events. The primary differences
between EDA and SOA lie in EDAs strictly asynchronous nature. All other
concepts related to each architecture style are virtually identical.
Complex Event Processing (CEP) is a specific implementation of EDA that
provides dedicated facilities to subscribe to and process complex messages. In
this section, all of the concepts discussed in relation to EDA also apply to CEP.
151
Several SOA design patterns related to event processing have already been
identified. They include:
Event-Driven Messaging defines how service consumers can be
automatically notified of runtime service events
Intermediate Routing examines how dynamic runtime factors affect
the path of a message
Event Message identifies how messaging can be used to transmit events
from one application to another
Publish-Subscribe Channel deals with how the sender can broadcast
an event to all interested receivers
EDA is a relatively new additional to the service-orientation family. Therefore,
this space continues to evolve. Additional design approaches beyond those
already identified are documented in Table 6.11.
Table 6.11. Design
Architecture.
approaches
related
to
Event
Driven
152
153
Most ESBs today provide event processing capabilities. They are typically
based on existing ESB features, asynchronous messaging, transformation,
content-based routing, business rules, and publish-subscribe mechanisms.
Some vendors also provide distinct Complex Event Processing facilities. They
incorporate BPM, business rules, and long-running transaction functionality.
As the EDA practices continue to evolve, they will eventually become
indistinct from those falling under the SOA umbrella.
Cloud Computing
Cloud Computing is the most recent advancement in the technology space. It
describes an elastic computing resource pattern. While Cloud Computing
primarily refers to an architectural approach, a variety of products and vendor
offerings have already been established.
154
155
paradigm. In this section, we will refer exclusively to WOA and will not
address REST or other specific architectural approaches or principles directly.
This is due to the fact that WOAs umbrella covers a variety of protocols and
approaches.
While the primary difference between WOA and SOA is in the desired protocol
usage, all of the SOA design patterns and best practices still apply. WOA,
however, comes with its own unique set of design patterns, some of which
have already been identified. They include:
Alternative Format addresses how services can exchange data based on
less common or non-standard formats
Entity Linking defines how services can expose the inherent linkage
between business concepts in order to support loosely-coupled choreography
Layered Redirect determines how a service can be moved without
impacting its consumers
Transport Caching examines how temporal and activity-specific state
data can be efficiently persisted
Uniform Contract identifies how a service composition can be
reconfigured at run-time to take advantage of evolving alternative service
endpoints
Since WOA calls for simplification of interactions between consumers and
service providers, by extension, it implies avoidance of more robust protocols
such as Web Services. Because typical SOA programs attach strict
requirements to how services are exposed, used, managed, and discovered,
specific design approaches related to WOA should be established. Table
6.13 defines them in detail.
Table 6.13. Design
Architecture.
approaches
related
to
Web
Oriented
157
Semantic Computing
Semantic Computing represents a concept that allows software, services, and
possibly even specialized appliances to seamlessly interoperate. All of the
parties involved in the conversation would understand each other, even
though they may be speaking different languages. Semantics provides the
universal decoder that allows for this kind of interoperability. Semantic
computing envisions a common language or grammar that all of the enterprise
systems utilize to communicate with each other. Terms defined through this
grammar have the same meaning no matter how they are used.
While semantic SOA has not become widespread, some of its concepts have
become adopted throughout the industry. This includes Master Data
Management (MDM), semantic integration, canonical modeling, and others.
Related design patterns have also been created.
Canonical Expression defines how service contracts can be consistently
understood and interpreted
Canonical Schema examines how services can be designed to avoid data
model transformation
Aside from a common semantic foundation, services built on a semantic SOA
platform do not significantly differ from those that are not in terms of
following established SOA design patterns and best practices. All of the SOA
principles still apply to semantic services.
They key difference is integration. When all the services are based on the same
semantics, mapping between different fields and entities becomes
unnecessary. Service orchestrations, compositions, and choreography are
simplified to the level of executing the logic, controlling the flow of the process,
and returning a result. To achieve this level of simplicity, underlying platforms
such as ESBs, BPM engines, and others should become semantic-aware. MDM
can play a significant role in this.
Summary of Key Points
Each next generation technology influences SOA in its own way and
necessitates creation of related design patterns
159
160
161
162
that shape modern SOA technology practices. They are discussed in detail in
subsequent sections.
Cloud Computing
Cloud Computing helps shift the emphasis from tight governance over
computing capacity needs of shared services and consumer demands to
defining and adhering to service SLAs. Because Cloud Computing provides
elastic computing capacity virtually on demand, services that are hosted in the
cloud no longer need to worry having enough resources to serve their
consumers. Instead, the focus is shifted to managing services response time,
uptime, failover, and other vital run-time characteristics.
As more and more services are hosted in the cloud, the importance and
prominence of the service registries, repositories, and run-time management
tools become more evident. Several important practices emerge in response to
this need. They are captured in Table 6.14.
Table 6.14. SOA practices related to Cloud Computing.
163
Even though there are many benefits to Cloud Computing, it also introduces
additional concerns. Some SOA governance matters such as capacity planning
and careful demand forecasting are replaced by rigorous SLA definition and
management.
164
165
As the BPM and ESB capabilities continue to evolve and merge, some of the
practices described above may become obsolete. However, while BPM engines
remain separate, the issues addressed through them will remain.
Business Rules Engines
Business rules engines have become as ubiquitous as the BPM tools. They
exist in many forms, shapes, and sizes. There are robust, standalone rules
management platforms. There are rules engines integrated with the BPM and
166
other solutions. There are also lightweight rules engines that are designed to
quickly and efficiently execute externalized sets of rules.
The specific rules platform being utilized brings with it a set of best practices.
This has impacts to services using these engines and how they are structured.
Since some ESBs may have their own rules execution capabilities, this
scenario should also be considered in the overall impact. SOA practices
related to usage and invocation of rules engines are presented in Table 6.16.
Table 6.16. SOA practices related to Business Rules Engines.
167
Rules engines are becoming more pervasive and standardized. They may soon
become a standard part of many packages, especially those that are part of the
SOA environment. This will change many of the existing practices.
Event Processing
To a large degree, event processing represents asynchronous SOA. Therefore,
it follows the same practices and approaches that apply to SOA today. There
are some notable differences, however. While events are posted
asynchronously and are eventually routed to their consumers, the processing
and routing logic may be quite complex. Therefore, rules engines often play a
big part in event processing. The same is true for BPM tools. They may be
utilized to manage the overarching flow and execution of the event processing
and routing logic. As a result, SOA, BPM, and rules management practices
apply.
Some vendors have begun offering Complex Event Processing (CEP) engines.
They are based on the same concepts as described above but are designed to
more efficiently implement the complex processing and routing logic.
On top of existing practices, event processing brings additional dimensions
that are discussed in Table 6.17.
Table 6.17. SOA practices related to event processing.
168
Master Data Management is not a new practice. However, it has not gained
large enough momentum until recently. As an approach, it will continue to be
important for years to come. Specific tools and implementations will
inevitable change. For example, some MDM solutions are starting to leverage
the power of cloud computing. The general trend within the MDM space
seems to be consolidation with integration, ESB, ETL, and other tools. All this
contributes to an ever shifting landscape of best practices.
Case Study Example
170
process
Several next generation design patterns and SOA principles were adopted as
part of this architecture. All CRM services were exposed via the ESB. The
guiding principle to never call these services directly was followed in this
scenario. Workflow and rule services were invoked as part of the process.
Both of them used standard service interfaces that encapsulated the
underlying technology platforms and specific workflow or rule
implementations. These architectural decisions helped achieve loose
coupling between all of the supporting systems, services, and the underlying
processes.
171
Each of the services involved in the process used its own data model based
on the systems there were interacting with or exposing. The business
process relied on the canonical data model developed to streamline the
development and reduce semantic discrepancies. To address differences
between domain and canonical data models implemented in different parts
of the system, a faade pattern was used to help facilitate the translations.
The Notification service presented an example of an event service. Once car
rental was confirmed, a customer needed to be notified. The Notification
service was invoked asynchronously as the last step in the process. It
needed to deliver the message to the customer via the preferred delivery
method. The service interface was developed specifically to abstract the
available event subscribers, delivery methods, or communication
mechanisms. ESB and the rules engine were used to route the messages to
the appropriate consumers.
Summary of Key Points
On top of typical service-orientation functions, modern SOA practices
encompass business-orientation, enterprise agility, and end-to-end
integration capabilities.
The increased complexity of the SOA environment contributes to the
expansion in the related technology practices. Each modern SOA platform
requires its own practices to be successful.
172
176
177
investment from
178
179
Next generation SOA not only helps leverage the ability of SOA to support an
enterprises business strategy but can also provide some significant new
business opportunities. In this section, we will examine some new business
strategies that have been enabled by next generation SOA.
New technology paradigms introduced to solve a specific business problem
often turn out to generate new business opportunities in their own right. The
Internet, for example, originally intended to provide resilient military
communications over unreliable networks by using multiple delivery paths,
has completely revolutionized the way that we both shop and work. In this
section we will discuss business opportunities generated next generation SOA
technology.
Properties of Next Generation SOA Technology
SOA technology focuses on improving business efficiency and agility by
deploying IT solutions in the form of services that automate business
processes, activities and tasks.
1. Services are controlled by formal contracts service contracts
define the functionality, inputs and outputs (including any error
conditions) of each service. While the service contract does not contain
any information about how the service is physically implemented, it does
provide all necessary information for an authorized service consumer to
access and execute the service, since the information modelthat defines
the inputs and outputs of each service provides a clear and unambiguous
description of the service inputs and outputs.
2. Services are technology and device independent the service
contract places no constraints on the physical type or technology of either
the requestor or the server, allowing true any-to-any connectivity. Service
requestors can range from simple Web appliances to major IT systems.
Services can be invoked by automated processes, on a timed basis, in
response to business events or by the execution of another service.
3. Services can perform business tasks very quickly and at very
high volumes and therefore allow an enterprise to execute orders of
magnitude more instances of some key business tasks than if they were
performed manually.
4. New service providers can be discovered and integrated into
the enterprises operations easily even though true seamless
180
In this section, we will look at two approaches that have been taken to address
some of the inhibitors to global trade, Industry Watchdogs and Guarantors.
Industry Watchdogs protect the reputation of a specific industry either by
accrediting companies that have to meet specific standards or by rating them
based on customer feedback. While accreditation or a good reputation is no
guarantee of an organizations performance, it certainly helps to rule out the
less scrupulous traders and generally reduce risks.
Table 7.1 below describes the operating model of Industry Watchdogs.
Table 7.1. The Industry Watchdog Business Model
183
184
185
186
187
Software as a Service
Software as a service (SaaS) is a mechanism for selling software on a usage
basis rather than charging a product license. It is especially popular with
organizations whose usage of a specific software product is either low or
highly variable, as it reduces their overall software expenditure.
Table 7.4. The Software as a Service Business Model
188
189
IT Capacity Trader
Cloud computing enables IT capacity to be treated as a commodity, where
parties with spare IT capacity sell it to clients who need extra capacity. IT
capacity traders buy and sell IT capacity.
Table 7.5. The IT Capacity Trader Business Model
190
191
An enhanced wholesaler uses the same basic business model but uses SOA to
form more dynamic business relationships.
Table 7.6. The Enhanced Wholesaler Business Model
192
193
194
195
196
197
198
The subjects of each focus group were selected to include a spread across
issues, opportunities and inhibitors. Each focus group looked for innovative
solutions to address their subject item, either by improving the underlying
business processes or by applying technology.
Individuals could move freely between focus group sessions, and each focus
group worked on multiple items. Some of the most serious issues were
worked on by more than one focus group. Some focus groups worked on the
key strategic areas identified in the RYLC heat map shown inFigure
3.6 earlier in this book.
The focus groups identified three issues and two potential opportunities:
Issues
1. Vehicle maintenance problems are impacting customer satisfaction
2. The aging billing system represents an unacceptable business risk
3. The complexity of RYLCs IT systems is an inhibitor to their strategy of
growth through mergers and acquisitions
Opportunities
1. Vehicle rental volumes could be increased by partnering with other
travel firms and making deals with travel comparison websites
2. IT running costs could potentially be reduced by using a cloud
computing model
The findings of the
7.10 through 7.14 below:
focus
groups
are
summarized
in tables
199
200
201
202
203
204
205
206
207
In order to properly plan the SOA delivery lifecycle, funding issues must be
addressed upfront. There are two fundamental levels of SOA funding:
Platform Funding This level provides funds for the delivery of collections
or inventories of services. Platform funding models are therefore generally
focused on establishing the supporting infrastructure for a given service
inventory. This funding model contains several distinct approaches.
Project Funding Model This model identifies appropriate
projects to acquire or to extend new or existing SOA platforms.
Central Funding Model With this model, the funding of the
platform is provided centrally.
Usage Funding Model The initial platform is funded centrally
but usage fees are charged for ongoing maintenance and support.
Service Funding This level provides funds for the delivery of individual
services. These services rely on an already-funded service inventory platform.
This funding model contains several distinct approaches.
Project Funding Model Individual projects build new or extend
existing reusable services.
Central Funding Model The funding of reusable services is
provided centrally.
Usage Funding Model The initial delivery of reusable services is
funded centrally but usage fees are subsequently charged.
208
209
Each phase is defined and described in more detail in other books from the
SOA Computing series. The stages describe a state of a service or the entire
governance program. Each one contains specific goals and deliverables that
must be accomplished before the service or program can move forward.
To realize these goals, a distinct set of project roles and responsibilities should
exist, including those of:
Service Analyst
Service Architect
Service Developer
Service Custodian
Cloud Service Owner
Service Administrator
Cloud Resource Administrator
Schema Custodian
Policy Custodian
Service Registry Custodian
Technical Communications Specialist
Enterprise Architect
Enterprise Design Standards Custodian (and Auditor)
SOA Quality Assurance Specialist
SOA Governance Specialist
SOA Security Specialist
These are commonly used roles but variations or different combinations can
also exist. Multiple roles may be fulfilled by a single individual and vice versa.
210
Each role has specific deliverables and plays a particular set of functions in
each phase in the SOA project lifecycle.
Summary of Key Points
Each SOA project progresses through a variety of stages
A number of roles are necessary to effectively implement SOA governance
8.3 SOA Governance Fundamentals
The primary business goal of SOA governance is to ensure that an SOA
initiative achieves its targeted business outcome. This is achieved by
establishing an SOA governance system, which acts as a meta-decision system
that an organization puts in place to control and constrain decision-making
responsibilities related to the adoption and application of service-orientation.
The foundation of an SOA governance system resides within an SOA
Governance Program Office (SPGO) responsible for creating and
administering an SOA governance program.
There are several ways in which the SPGO may be established in an
organization.
Centralized Enterprise SGPO a single governance body that oversees SOA
governance on behalf of the entire IT enterprise.
Centralized Domain SGPO a single governance body that subjects all
domain service inventories on to a common SOA governance system.
Federated Domain SGPOs in this model, a central overarching SGPO
exists in addition to individual SGPOs, each responsible for a separate domain
service inventory.
Independent Domain SGPOs in absence of a central overarching SGPO,
each domain service inventory has its own SGPO, which has full governance
authority and jurisdiction over that domain.
The SGPO exists to create and maintain an SOA governance program. The
task of realizing it can be divided into three basic steps:
1. Assessing the Enterprise (or Domain), which is focused on:
211
213
214
support
creation
and
Once all the precepts, processes, and governance mechanisms are established,
service information and policies can be effectively governed across the entire
SOA project lifecycle.
Summary of Key Points
Service policies and information are governed through a variety of precepts
and processes
8.6 SOA Governance Vitality
Once deployed and in use, services and supporting technologies become living
assets. The SOA governance program must therefore provide a means by
which these assets are routinely reviewed, kept current and accurate and,
most importantly, relevant to business needs. To address this evolutionary
aspect, the SOA governance program needs to make the notion of vitality part
of the SOA governance system being employed.
To accomplish this, the SOA program must implement a series of vitality
triggers as a mechanism of notification and reaction. They represent
pre-determined events and conditions that execute pre-determined activities
as part of a vitality process. There are five common types of vitality triggers:
Strategic Adjustments changes to the organizations business direction or
vision; IT changes pertaining to technology and resources.
Industry Shifts changes in business law, governmental policy, or even
economic or political factors; technology shifts that occur within proprietary
vendor platforms and product lines, as well as industry technology standards
communities.
Metrics metrics related to performance of various parts of an SOA
ecosystem; metrics exposing lack of compliance with industry or IT
regulations.
Organizational Shifts organizational events that affect the IT enterprise,
deliberately or inadvertently.
Periodic pre-defined vitality activities that are carried out at scheduled
intervals; review of assets using a pre-defined timescale.
216
A set of processes should exist to ensure SOA asset vitality is being addressed.
They are comprised of a series of activities that are carried out in response to
certain vitality concerns or requirements. They ensure execution of different
vitality activities, which include:
Identify Activity centers on capturing relevant information surrounding
the trigger and the circumstances of its execution.
Assess Activity encompasses tasks that focus on determining the effect of
carrying out a refresh, prior to moving on to the actual Refresh activity.
Refresh Activity governs the actual actions performed in response to the
previously identified vitality concern.
Approve Activity SOA Program Governance Office review that can result
in the acceptance or rejection of the refresh plan.
Communicate Activity the communication of the planned refresh to the
affected stakeholders, project teams, and others involved with the targeted
asset.
Together, the vitality triggers and activities that are kicked off in response
ensure that the SOA program remains current and viable. SOA program
vitality is the final element that underlines and supports all the previously
defined SOA governance mechanisms.
Summary of Key Points
SOA governance program must implement a series of vitality triggers to
determine qualifying events
In response to a trigger, a series of activities can be executed
8.7 Next Generation SOA Governance
As discussed in previous chapters, evolution of the service-oriented computing
introduced a number of new technology elements, practices, and patterns.
These had direct impact on the state of SOA governance. It had to adapt to the
rapidly changing service-oriented computing space. As a result, new SOA
governance practices and mechanisms had to be introduced.
217
The extensions to the existing SOA governance attributes are rooted in the
foundation described throughout this chapter. Instead of establishing
radically new approaches, they aim to coexist with and extend current SOA
governance program implementations. However, the shifts in the
service-oriented computing space necessitated expansion of the SOA
governance domain and scope.
Each next generation architecture element creates a need for related set of
governance mechanisms and practices. The subsequent sections discuss
specific precepts and processes that are introduced in each stage of an SOA
project.
Business Process Management
BPM has a profound impact on SOA. When applied correctly, it can
significantly enhance the value SOA already offers. Therefore, SOA
governance mechanisms should concentrate on maximizing the alignment
between the two disciplines but do so intelligently and for the right reasons.
Table 9.1 discusses how this can be accomplished in each SOA project stage.
218
219
The BPM approaches, tools, and technologies offer significant synergies with
SOA and its established precepts and processes. While this close relationship
should be exploited to its full potential, it will undoubtedly become even
stronger, as the technology evolves and maturity increases on both sides.
Business Rules Engines
Business Rules Engines bring a new dimension to service-orientation. They
provide capability to externalize business rules that services need to execute as
part of their logic. The rules may be maintained by external parties outside of
the organization that owns and manages the service. The changes to the rules
implemented through a rules engine need to be synchronized with the service
interface and other business logic the service may execute. The service itself
may be reduced to just a call to a rules engine.
The variety of rule engine technologies that exists today demands a careful set
of guidelines to be crafted in order to determine which platform is the most
appropriate to use in which situation. SOA governance mechanisms need to be
put in place to help guide rule service design and development in the most
effective way. Table 9.2 specifies which existing precepts and processes need
to be expanded to accommodate Business Rule Engine technology and
whether new ones need to established or not.
221
223
224
for events and their subscribers as well as event registration and discovery.
Eventually, differentiation between EDA and SOA will cease to exist. Until
then, specific EDA inspired governance mechanisms are still necessary.
Cloud Computing
Cloud Computing governance concepts are covered in the SOA Governance
book, part of Thomas Erl SOA Computing Series. It is important to mention,
however, that this space continues to evolve. Progress is being made every day.
Cloud and distributed computing paradigm continues to mature. Even though
it largely remains in the hype stage, it quickly approaches the Plateau of
Productivity. Once there, existing governance mechanisms will need to be
reevaluated and adjusted to accommodate new trends, technologies, and
practices.
Business Architecture
Business architecture is the next battleground for SOA. On its path towards
full maturity, service-orientation has to become a part of business strategy and
should be supported by the specific guidelines and strategies outlined in the
business architecture vision. Without the full support and acceptance by the
business and executive leadership, SOA will remain a purely technology
initiative. This will reduce its value and bring limited benefits.
To avoid this issue, governance of SOA strategies and key decisions should be
executed as a partnership between business and IT. This can be accomplished
by expanding the role of the Executive Review Board (ERB) to align the SOA
program with both business and IT strategy. The SOA Governance Program
Office (SGPO) described above should be closely connected with this new
entity to ensure continuity of the business architecture strategy with the rest
of the SOA program. Figure 8.2 depicts how this relationship works.
Figure 8.2. Executive Review Board and SGPO should be closely
connected.
226
227
Aggressive organization and outlined the risks associated with this type of
approach to SOA.
At the outset, a central SOA Governance Program Office (SPGO) was
established, as shown inFigure 8.3.
Figure 8.3. RYLC established a central SGPO responsible for its
enterprise service inventory.
The SGPO was chartered with establishing all the SOA governance precepts
and processes, setting up a standard funding model, and continually
revitalizing the program. The CIO decided to let the chief architect chair the
SGPO and include representatives from each IT department as well as the
enterprise architects responsible for various domains including data,
security, infrastructure, and common assets.
The SGPO decided to establish a central platform funding approach to help
RYLC better manage its SOA platform investment and demand. It also
recommended establishing a hybrid funding model for service delivery work.
The SGPO felt that a combination of these models would provide the best
platform for RYLC to streamline its SOA program.
228
229
work closely with the SGPO in aligning business strategies with SOA and
measuring results.
Summary of Key Points
Existing SOA governance precepts and processes need to be extended in
response to technology and architecture evolution
Business Architecture should be closely aligned with SOA and SOA
governance
230
o
o
o
These specifications are discussed in detail and contrasted with each other.
2. What are Architectural Standards?
System architecture is a formal description of a system, or a detailed plan of
the system at component level to guide its implementation. Architecture
represents the structure of components, their interrelationships, and the
principles and guidelines governing their design and evolution over time. It
also ensures a common understanding of what exists now or will be built in
the future. Architecture helps us compose complex solutions from simpler
building blocks. Architectural standards [1] are needed to address customer
architecture and deployment considerations. They are directed towards IT
architects and oriented towards consistency rather than interoperability.
Infrastructure standards are normative, product-driven, conformance-centric
and interoperability-focused.
Figure 1. The landscape of architecture standards
231
The types of Architectural Standards [1] are depicted in the diagram below.
Figure 2. Different types of architecture standards span from
abstract to concrete
The SOA standards described throughout this document can also range from
abstract to concrete. It is important to understand in which category an
232
As SOA continues to evolve and become more widely adopted, other groups,
such as business stakeholders, business and IT executives, QA practitioners,
and many others will become more interested and influenced by the SOA
standards.
The Active Standards Organizations in the SOA Space
Considering increasing significance of SOA in providing and performing
better business results, offerings and operations, several existing standards
bodies have begun drafting industry-strength, open specifications for various
critical contributors to SOA success. Consortiums of IT leaders and open
233
source communities have been working together to sustain and support the
deeper penetration of SOA into different industry segments. Government
agencies have also been contributing to the SOA standards and adoption.
There are three principal bodies responsible for setting SOA-related standards
the Open Group, OASIS and OMG, each of which represents a not-for-profit
vendor- and technology-neutral consortium. These three bodies are highly
collaborative and have many members in common.
The Open Group
The Open Group is a vendor- and technology-neutral consortium with over
300 member organizations from all over the world, ranging from major
corporations, government organizations and consortia to universities and
individuals, including most of the heavy hitters in SOA technology. The Open
Group platinum members (currently Capgemini, Hewlett-Packard, IBM,
Oracle, SAP and Shenzen Kingdee Middleware) represent heavy hitter
vendors in the SOA space who are committed to multi-vendor integration
through creation of products that are compliant to open standards,
certification and branding.
The Open Group has a series of forums responsible for setting standards in
areas such as architecture, security, real time and embedded systems and
enterprise systems management. The Open Groups SOA Working Group is
dedicated to creating and maintaining a wide range of SOA standards,
reference architectures, best practices and models like the Open Group Service
Integration Maturity Model (OSIMM), and The Open Group Architectural
Framework (TOGAF). This includes a database of industry standards, a
proven method for developing an organization-specific standards-based
architecture based on their specific business requirements, together with a
compendium of tools, working examples and case studies.
OASIS
The Organization for the Advancement of Structured Information Standards is
another not-for-profit consortium that drives the development, convergence
and adoption of open standards for cloud computing, SOA, Web services, the
Smart Grid, electronic publishing, emergency management, and other
technologies and architectural approaches. OASIS has some 5,000
234
OASIS has several member sections that focus on specific technical areas
including:
The Open Composite Services Architecture (CSA) Member
Section advances open standards intended to simplify SOA
application development
o The Semantic Execution Environment (SEE) Technical
Committee proposes a semantic Web Services platform to address
the problems of interoperability between data and behavior across
diverse organizations
o The SOA for Telecom Technical Committee (SOA-TEL TC)
plans to identify gaps in standards coverage for using Service
Oriented Architecture (SOA) techniques in a telecom environment
o The SOA
End-to-End Resource Planning Technical
Committee (SOA EERRP TC) focuses on the supply chain, with
particular reference to business quality of service, SLA management
and supplier credentials.
o
OMG
The Object Management Group membership includes hundreds of
organizations, with half being software end-users in over two dozen vertical
markets, and the other half representing virtually every large organization in
the computer industry and many smaller ones. OMG is responsible for the
Unified Modeling Language (UML) and Model Driven Architecture
235
236
While the potential benefits of SOA are clear, the standards picture still looks
less so. Forrester Research has counted around 115 standards floating around
in the SOA space in its most recent study on that topic. It also has found that
just confirming which vendors support which standards is virtually impossible,
mainly because of missing compliance tests. Since many of these standards
are not yet fully mature, the main challenge is to find an architectural
framework to help maintain integrity and integration while standards
continue to evolve.
Technical experts and architects have to navigate their adoption of standards
carefully until they mature and become widely accepted. Standards such as
SOAP and WSDL have already been well-adopted and others like WS-Security
are being increasingly accepted. Popular standards include SOAP, WSDL,
WS-I Basic Profile, UDDI, WS-Security, WS-BPEL, BPMN, WSRP, XML
Schema, XSLT, XPath, XQuery, XML Signature and XML Encryption.
There are many new terms emerging in the SOA space due to the arrival of
different players including IT service and solution organizations, consulting
companies, standards consortiums, academic institutions, governments,
customers, etc. This rapid expansion creates an urgent need for universal sets
237
formally describe the elements of and provide a formal language for both
reference models and reference architectures. The formal representation
comes handy when evaluating consistency across domains and applying
reasoning to solve business problems using domain elements. The ontology
representation may also be used to support model interchange and
extensibility.
Maturity Models Maturity models are becoming increasingly common.
They help enterprises assess how far they have progressed along their
adoption roadmap, which in turn helps them define the most appropriate set
of goals, standards tools, techniques and training that will help them progress
to the next step in the program.
Modeling Languages With rising IT complexity, modeling has become an
indispensable process to represent a variety of things. Increasingly, majority
of the software and services development lifecycle consists of a progressive
top-down set of models, followed by a final stage when functional code is
generated rather than coded by hand. To achieve interoperability, formal
modeling languages are needed to define modeling notations, icons, terms,
interactions, states, transitions, messages and events. A typical modeling
language includes a metamodel and a set of notations that provide a standard
means of unambiguously representing artifacts in tools and communicating
information between tools and automated environments.
The Unified Modeling Language (UML) from the OMG is the most popular
tool for object-oriented software modeling. UML supports extensions via
stereotypes and profiles for specific needs. Besides UML, there are
domain-specific modeling languages targeting special domains such as
aeronautics, avionics, automotive electronics, etc. With services emerging as a
powerful building block for enterprise systems, a need for a distinct modeling
language to model services and service oriented systems is becoming more
prevalent. SoaML is the latest modeling language (obtained through an
extension of UML for the service world) designed specifically for
service-oriented applications.
Business Process Management space has a variety of modeling languages used
to describe business processes and their executable models. BPMN (Business
Process Modeling Notation) is a language that enables users to fully model
business processes, sub-processes, and individual tasks. BPEL (Business
Process Execution Language) is used to represent executable business process
239
models. Vendors and various BPM platforms support one or both of these
languages.
Additionally, there may be a variety of Domain Specific Languages (DSL)
defined for a variety of domains. Some of these DSLs are incorporated into
standards, while others remain on their own. DSLs, as any other modeling
languages, help people working within the domain standardize the syntax,
notation, and semantic of the information being presented by each model.
Concrete/Solution / Physical Architectures A concrete architecture is
a physical instantiation of a reference architecture achieved by substitution of
the general, logical, and abstract elements of the template with concrete or
physical realizations of vendor products and instances of technical products,
standards, protocols, and design/architectural decisions. Industries can
instantiate concrete architectures for their usage context. Concrete/solution
architectures are used directly to drive project implementations.
While we already briefly discussed SoaML, the next section is dedicated to
covering it in detail.
4. Service Oriented Architecture Modelling Language (SoaML) [2]
For many years, UML (unified modeling language) has been the key tool for
visually
specifying,
modeling,
representing
and
communicating
object-oriented software design. With the continued adoption of
service-orientation for enterprise engineering, there was a need for UML to be
extended to accommodate the unique principles and patterns of the service
paradigm. To address this need, OMG created the SoaML specification.
SoaML defines a UML profile and a metamodel that extends UML to support
a range of modeling requirements for SOA. The key requirements include the
specification of a system of services, individual service interfaces and service
implementations.
The SoaML metamodel extends the UML metamodel to support service
modeling. This extension is intended to support different service modeling
scenarios, such as single service description, service-oriented architecture
modeling, or service contract definition. SoaML has been designed to support
both the IT and business perspectives of SOA. A UML profile customizes UML
for a specific domain or purpose by using extension mechanisms such as
240
241
242
There are three services identified (as service contracts): Secure Purchase,
Ship Status and Shipping Request. Some of these may, in fact, be simple
one-way interactions and could thus be modeled using the simple interface
based approach. Although the three different service specification approaches
of SoaML are different, they are still interconnected since simple interfaces
244
are structural parts in both the service contract and service interface based
approaches.
Aligning Business and IT Models using BPMN and SoaML - The
increasing popularity of the SOA paradigm relies on its close relationship to
business models, in particular business process models. The SOA concepts
apply to both business and system architectures. A Service Model is a
representation of how an enterprise functions internally and externally,
expressed in terms of contracts, responsibilities, capabilities and interactions
and collaborations, both with internal and external entities. From an IT
perspective, the Service Architecture describes the software components, their
service interfaces and the way these components can be coupled to form a
technical system architecture that supports the business requirements of the
enterprise.
Figure 6. Business and IT SOA perspectives
245
It should be noted that some of the language constructs defined in SoaML fit
on both the business and IT level. In particular, this applies to participants
that are used to define the service providers and consumers in a system. At the
business level, the participants typically represent business organization units
or roles, whereas on the IT level the participants typically represent IT
systems or software components. When a participant acts as a provider, it
contains service ports, and when a participant acts as a consumer, it contains
request ports.
SoaML is agnostic to the choice of modeling formalisms to define behavior.
The specification states that any UML behavioral constructs can be used to
describe behavior, e.g. service choreographies, and other formalisms, e.g. EPC
(event processing chain), business process modeling notation (BPMN), UML,
BPEL (business process execution language), etc. The SoaML specification
primarily describes the structure of the service architecture.
SoaML goals are:
o
o
o
o
o
o
o
o
o
246
SoaML does not specify which kind of behavioral notation to use, so that
BPMN or any other standard can be used for specific behavioral modeling.
SoaML is supported by UML tool vendors and incorporated as part of their
service-oriented methodologies. In particular, IBM has incorporated SoaML
into its Service-Oriented Modeling and Architecture (SOMA) methodology
that is supported by its Rational Software Architect (RSA) modeling tool.
Other vendors that provide SoaML support are ModelDriven.org, NoMagic,
SOFTEAM and Sparx Systems (www.soaml.org). In addition, SoaML-based
tools and methods for model-driven engineering of service-oriented systems
were developed by the European research project SHAPE. The current tools
and methodologies using SoaML focus mainly on supporting the MDA
approach, which emphasizes models as the essential artifacts. Similarly, the
Architecture-Driven Modernization (ADM) (adm.omg.org) proposes to start
with knowledge discovery to recover models and to rebuild new systems in a
forward MDA process. The ADM initiative may be another starting point in
order to support migration of legacy systems to the cloud. The European
research project REMICS (www.remics.eu) aims to develop a complete
process including methods and tools for creating SoaML models from the
legacy artifacts and rebuilding cloud-based systems by applying SOA and
cloud patterns.
5. The Reference Architecture (RA) for SOA [3]
Different consortia have come out with different Reference Architectures
based on their views, purposes and perspectives. In this section, we discuss
the Reference Architecture standard proposed by the Open Group. The
purpose of a Reference Architecture is to help optimize service design,
streamline service modeling, and enable effective governance of the service
lifecycle. Architects should use reference architectures to help answer
questions such as:
o
o
o
249
250
the Figure 7 below, the SOA Reference Architecture meta-model includes the
following elements:
Figure 7. SOA Reference Architecture meta-model
251
253
The Open Group SOA Reference Architecture defines nine layers that
represent various elements in the SOA solution. They are described in detail
below.
Layer 1: Operational Systems Layer
This layer captures new and existing organization infrastructure needed to
support the SOA solution. This includes:
1. Infrastructure needed to run all elements of the SOA solution.
2. All operational and runtime hosting platforms of the underlying
system components.
3. All assets required to support the functionality of a shared service,
including custom or packaged application assets, new services, services
created through composition or orchestration, infrastructure services,
and all other related components.
The capabilities supported by the Operational Systems layer include
integration of infrastructure services into the SOA solution, reuse of existing
assets composed within it, and the infrastructure elements required to
running the SOA platform. The Operational Systems Layer enables
organizations to implement an SOA solution without explicit knowledge of the
underlying infrastructure components, the hosting environment, and all of the
related specifics.
254
o
o
o
o
255
o
o
o
A policy document
SOA management descriptions
Attachments that categorize or show service dependencies.
Some of the services in the service layer may be versions of other services,
which means that a significant successor/predecessor relationship may exist
between them. Thus, exposed services reside in this layer. They can be
discovered and invoked or possibly choreographed to create a composite
service.
Services are functions that are accessible across a network via well-defined
interfaces of the Services Layer. This layer also provides a mechanism to
take enterprise scale components, business unit specific components and in
some cases project-specific components and externalizes a subset of their
interfaces in the form of service descriptions. Thus, the components provide
services through their interfaces. The interfaces get exported out as service
descriptions in this layer, where services exist in isolation (atomic) or as
composite services. For example, a service container in which the services
are hosted, is also a part of the Services Layer. The service container is
compliant with the standards for service specification being supported by the
service and runs on a hosting platform in the operational systems layer. This
layer contains the contracts that bind the provider and consumer. Services are
offered by service providers and are consumed by service consumers (service
requestors).
The layers and their underlying building blocks in the target architecture may
be defined according to the service identification activities that may be defined
through three complementary techniques of domain decomposition, existing
asset analysis and goal service modeling to identify, specify, and realize
services, components and flows. They represent the heart of the SOA value
proposition improved agility via the decoupling of business and IT. The
quality of these service definitions will have a significant impact on the benefit
of a given SOA effort.
Services should be accessible independent of implementation and transport.
This allows a service to be exposed consistently across multiple customer
facing channels. It is important to acknowledge that Service Components may
consume Services to support integration. The identification and exposure of
this type of Service, e.g. internal services, does not necessarily require the
same rigor as is required for a business service. While there may be a
257
compelling IT related reason behind the use of such services, they are not
generally tied back to a business process and, as such, do not warrant a
rigorous analysis required for business services.
In addition to being an important template for defining an SOA solution at a
logical level, the SOA Reference Architecture is also a useful tool in the design
of vendor neutral SOA solutions. This is because it enables the objective
identification of SOA infrastructure requirements. The SOA Reference
Architecture provides a well-factored decomposition of the SOA problem
space, which allows architects to focus on those parts of an SOA solution that
are important in the context of the problem they are solving and to map the
required capabilities onto vendor product capability rather than trying to
reverse engineer an SOA solution architecture from the capability of a
particular vendors products. This set of requirements can be used to better
leverage various capabilities provided by a mix of different vendors that may
offer the same architectural building blocks. Using the same SOA Reference
Architecture we can deliver SOA business services based on the same
deployment framework.
Layer 4: Business Process Layer
In a service-oriented world, business capabilities are realized by business
processes or collections of business processes. These business processes
include service orchestrations and compositions, as well as the ability to insert
human intervention and support long-living transactions. In particular,
compositions and choreographies of services exposed in Layer 3 are defined in
this layer.
The evolution of service composition into flows, or choreographies of services
bundled into a flow act together to establish an application. These applications
support specific use cases and business processes. Visual flow composition
tools can be used to design application flows. Figure 10 shows how a Business
Process P can be implemented using Services A, B, C and D from Services
Layer. Process P contains the logic to sequence and orchestrate service
invocation and execution. The services that are aggregated as a business
process can be an individual service or a composite service.
Figure 10. Process composed from a variety of services
258
The business process layer in the SOA Reference Architecture plays a central
coordinating role in connecting business level requirements with IT-level
solution components through collaboration with integration layer, QoS and
business performance management layer, as well as data architecture and
services layers.
Layer 5: Consumer Layer
SOA supports a client-independent and channel-agnostic set of functionality
that is separately consumed and rendered through one or more channels. This
ability empowers organizations to use SOA to improve quality, increase
consistency and support enhanced reuse. The consumer layer provides the
capabilities required to deliver IT functions and data to end-users through a
variety of channels, such as portals, rich clients (mashups and Ajax), etc.,
application-to-application interfaces, and other services. Some recent
standards such as Web Services for Remote Portlets (WSRP) may leverage
web services at the application interface or presentation level. It is also
important to note that SOA decouples the user interface from the underlying
components. Examples include Service Component Architecture (SCA)
Components, portlets, WSRP and B2B.
The Consumer Layer of the SOA Reference Architecture provides the
capability to quickly create the front end of the business processes and
composite applications to respond to changes in the marketplace. It enables
channel-independent access to those business processes supported by various
applications and platforms. By adopting proven front-end access patterns (e.g.
portals) and open standards (e.g. WSRP), development and deployment cycle
times can be decreased through the use of many pre-built, proven and
reusable front end building blocks. Additionally, complexity and maintenance
costs are reduced due to use of these common building blocks. This approach
improves the usability of the business processes/applications created using it
and promotes a single unified view of knowledge presentation, a single unified
entry point to the supported business processes/applications that integrates
with other foundational services such as security (single sign-on, for example)
and trust.
The Consumer Layer allows for the plug-and-play of content sources (e.g.,
portlets) with portals and other aggregating web applications. It therefore
standardizes the consumption of services in portal front ends and the way in
which content providers write services for portals. Scenarios that motivate
261
262
263
The integration layer also incorporates the support for runtime service
virtualization using registry. Service virtualization abstracts (decouples) the
location of services for consumers. Services are exposed and can be discovered
through a registry, but the exact location is hidden to support versioning,
change of service locality and administration, without impacting the
consumer.
Layer 7: Quality of Service (QoS) Layer
SOA contains inherent characteristics that exacerbate existing QoS concerns
in computer systems. They include increased virtualization / loose coupling,
widespread use of XML, composition of federated services, heterogeneous
computing infrastructures, decentralized SLAs, need to aggregate IT QoS
metrics to produce business metrics, etc. These characteristics create
complications for QoS that require attention within any SOA solution. The
QoS layer provides the service solution lifecycle processes with the capabilities
required to ensure that the defined policies and non-functional requirements
are addressed.
The QoS layer deals with issues like monitoring and capture of service and
solution metrics from an operational perspective as well as signaling
non-compliance with non-functional requirements related to the salient
service qualities and policies associated with each SOA layer. Service metrics
are captured and connected with individual services to allow service
consumers to evaluate service performance, creating an increased level of
trust. This layer serves as an observer of the other layers and can create events
when a non-compliance condition is detected or (preferably) when a
non-compliance condition is anticipated. The QOS layer makes non-functional
requirements related issues the primary feature/concern and establishes a
focal point for dealing with them in any given solution. It provides the means
of ensuring that each service meets its requirements in the following
categories:
o
o
o
o
o
reliability
availability
manageability
scalability
security
264
Finally, the QoS layer enhances the business value of SOA by enabling
organizations to monitor business processes related to or supporting shared
services. In particular, SOA security, a significant issue with typical service
implementations due to their potential perimeter-less nature as opposed to
traditional, web-based, within the firewall, perimeter based security is a
capability realized by the QoS layer.
Layer 8: Information Architecture Layer
This layer includes information architecture, business intelligence, and
meta-data considerations. It ensures the inclusion of key considerations
pertaining to data and information architectures that can also be used as the
basis for the creation of business intelligence through data marts and data
warehouses. This includes meta-data content that is stored in this layer. For
industry-specific SOA solutions, this layer captures all the common
cross-industry and industry-specific data structures, XML-based meta-data
architectures (e.g. XML schema), and business protocols of exchanging
business data. Some discovery, data mining, and analytical modeling of data
are also covered in this layer. These common structures may be standardized
for the industry or an organization.
Layer 9: Governance Layer
SOA Governance ensures that the services and SOA solutions within an
organization adhere to the defined policies, guidelines and standards. SOA
governance activities need to conform to Corporate, IT & EA governance
principles & standards. The Governance layer will be adapted to match and
support the target SOA maturity level of the organization.
The governance layer includes SOA governance (governance of processes for
policy definition and enforcement) as well as Service governance (service
lifecycle). This covers the entire lifecycle of the services and SOA solutions
(from design to runtime and retirement) as well as portfolio management of
both the services and SOA solutions managing all aspects of services and SOA
solutions (e.g. SLA, capacity and performance, security and monitoring). This
layer can be applied to all the other layers in the SOA Reference Architecture.
From the quality of service and performance metrics perspective, it is well
connected with the QoS layer. From a service lifecycle and design time
perspective, it is connected with the Service layer. From an SOA solution
lifecycle perspective, it is connected with the Business Process layer. The goal
265
Service lifecycle
SOA standards, precepts, and practices
SOA methodology
Governance processes and mechanisms
Service Level Agreements based on QoS and KPIs
Capacity and Performance management policies
Security enablement
The information in this layer that is collected and made available consists of:
o
o
o
o
o
o
o
266
267
Element Class
<owl:Class rdf:about=#Element>
</owl:Class>
An element is an opaque entity that is indivisible at a given level of abstraction.
The element has a clearly defined boundary. The concept of element is
captured by the Element OWL class, as depicted in Figure 12.
Figure 12. Element class representation
268
269
270
System is defined as disjoint with the Service and Task classes. Instances of
these classes are considered not to be collections of other things. System is
specifically not defined as disjoint with the HumanActorclass since an
organization in many cases is, in fact, just a particular kind of system. We
choose not to define a special intersection class to represent this fact.
System Examples
Organizational Example
Continuing the organizational example from above, we can now express that
an organizational unit as an instance of System has the people in it as
members (and instances of Element).
Composition Example
Rent Your Legacy Car company (RYLC) has a series of rental lots or outlets.
Each outlet can be instantiated in a simple ontology in the following way:
A RYLCOutlet is an instance of System.
o
The OutletManager is an instance of Element and is (used
by/manager of) RYLCOutlet.
o
Each Rental
Agent or VehicleMaintenanceOperative is
an
instance of Element and is (used by/employed at) RYLCOutlet.
o
272
273
o
o
o
o
o
o
RYLCOutlet,
RentalSystem and VehicleMaintenanceSystem are
of System
all
instances
There are more details about the still evolving SOA Ontology standard with a
number of examples and diagrams that can be found in the standards
document. As we strive to automate finding, binding and interacting with local
as well as remote services, the role and responsibility of Ontology becomes
critical. It can attach semantics to services, so that both consumers and
providers can speak the same language and thus interact in more dynamic
ways. This presents a precursor for a semantic web where all systems and
collaboration partners can easy understand each other and seamlessly
integrate across disparate channels.
274
275
For example, consider the cell Information x Silo, with the label
Application-Specific Data Solution. Maturity attributes are mapped to the
maturity indicators within OSIMM. If the maturity attributes suggest that the
Silo level maturity indicators are present for a particular assessed application
or system then the maturity of the Information dimension is considered to be
Silo (Level 1). Thus, the assessed application or system is characterized as
having an Application-Specific Data Solution. Each dimension may be
assessed in a similar way, leading to a level assessment for each dimension or
business view, organization, etc. The overall picture in terms of the assessed
maturity level for each dimension may itself be assessed to provide a view of
the overall maturity level of the organization.
Maturity Levels
At the heart of OSIMM are seven levels of enterprise business and IT service
integration maturity. Each of the seven levels reflects a possible abstract state
of an organization in terms of its maturity in the integration of its services
(business and/or IT) and SOA solutions. Each maturity level builds on the
foundation of its predecessors and will have a cumulative set of maturity
attributes.
Level 1: Silo
Individual parts of the organization are developing their own software
independently with no integration of data, processes, standards, or
technologies. This severely limits the ability of the organization to implement
business processes that require cooperation between different organizational
silos. IT systems cannot be integrated without significant manual intervention,
such as re-keying and re-interpretation of data.
Level 2: Integrated
Technologies have been put in place to communicate between the silos and to
integrate data and applications. The construction of an IT system that
integrates across different parts of the organization becomes possible.
However, integration does not extend to common standards in data or
business processes. Therefore, to connect two systems, it requires a possibly
complex conversion of data, operations, and protocols used by these systems.
Each such connection may require bespoke code and adapters, leading to a
278
279
280
Dimensions
An organizations level of SOA maturity can be assessed across the following
set of dimensions, which are essential indicators for effective SOA adoption.
Business
The Business dimension is focused on the business architecture,
organizations current business practices and policies, as well as design,
structure, implementation, and execution of business processes. The Business
dimension addresses how the cost of IT capabilities is allocated across the
enterprise, and how well the IT capabilities support the flexibility of the
business, operations, and SLAs. The Business dimension includes IT strategy
and thus includes the necessary value proposition for moving from one
maturity level to a higher maturity level.
Organization & Governance
The Organization & Governance dimension is focused on the structure and
design of the organization itself and the necessary measures of organizational
effectiveness in the context of SOA and SOA governance. The Organization
aspect is focused on organizational structure, relationships, roles, and the
empowerment necessary to adopt a service-oriented strategy. This includes
the types and extent of skills, training, and education that are available within
the organization. Governance is associated with formal management
processes to keep IT activities, service capabilities, and SOA solutions aligned
with the needs of the business. Governance guides many aspects of the other
maturity dimensions including how management is structured and costs are
allocated.
Method
The Method dimension is focused on the methods and processes employed by
the organization for its IT and business transformation and the organizations
maturity around the Software Development Lifecycle such as the use of
requirements management, estimation techniques, project management,
quality assurance processes, design methodologies and techniques, and tools
for designing solutions.
Application
281
282
284
285
solution stack (e.g., use case models, component business models, business
processes, service models, etc.) helps us better understand and follow
standards. It also serves as a platform for gap analysis. In short, this view
allows us to check whether all services required by the standards exist and
that there are no overlapping services. To implement such a view, a mapping
management system, referred to as the Mappings Catalog and Repository
System (MCRS), could be implemented. The authors have identified three
main needs for a holistic view of industry standards in the SOA solution stack,
based on the pain points of the user community dealing with these artifacts:
1) Enterprise Level
Managing a number of distinct models in the SOA era is a challenging
task. Typically, enterprises that adopt SOA have a significant amount of
enterprise level models that are historically tightly coupled. However,
SOA transformation makes these models more reusable and loosely
coupled, thus increasing the number of relationships created. Examples
of such models are business process models, governance models,
information models, service models, application maps, etc. The need to
have a holistic perspective of the models used in a service-oriented
enterprise (SOE) and then be able to focus on a specific area is inevitable.
2) SOA Project Lifecycle
One of the first tasks in a new SOA project is the identification of reusable
components and models such as service components or service
definitions created in previous projects. Unfortunately, models are
usually stored in disperse model repositories and formats. Serious efforts
are therefore required to discover these models. New projects also involve
a large number of new services and models created during different
project iterations. As such, users are looking for associations between the
projects models and industry standards. On top of all these needs, the
users main concern is the ability to trace changes in models, services, and
standards. Common questions include what does this requirement
affect, what will happen if we change this service definition, etc. Users
need to understand which artifacts in the solution stack are affected.
3) Tooling
Different models originating in a typical SOA project use different tools
that are stored in different formats. In each tool one can only see a
286
288
Users often prefer to use their native tools in conjunction with the MCRS
system. Moreover, after using the MCRS scoping service to decide what their
focus will be, users like to continue work in their native environment. To meet
this need, the MCRS system exposes interfaces for several modeling tools in
which the user can:
1. Publish models to MCRS
2. Retrieve models from the MCRS by working with the results of a
scoping procedure that constructs the scoped (sub-set) models
3. Execute simple queries to retrieve additional models.
This tool-supported model enables users to more precisely and efficiently
determine what standards to use. This approach can enable a more holistic
view of the SOA standards, better understanding of relationships between
them, and greater level of standards adoption.
Conclusion
With SOA moving to the mainstream, different standards bodies established a
number of SOA-specific standards. As a result, industry-specific and generic
standards were introduced. With the emergence of a myriad of standards,
there is a possibility for potential overlaps and misinterpretations. To combat
this, several authors have taken up the task of bringing clarity and intuition
via holistic approaches and models, so that users could confidently consider,
select and use the most appropriate and relevant standards for their SOA
efforts.
Competent and correct standards enable SOA initiatives to be successful. This
chapter is written to help the SOA community to navigate the myriad of
overlapping specifications. Fortunately, there is a great deal of agreement on
the foundational core concepts across the many independent and open
standards for SOA. This could be explained by similar experiences and hurdles
companies face when implementing SOA, SOA governance, and SOA maturity
models. It is generally accepted that investing in SOA enablement and IT
transformation initiatives that incorporate and use these standards helps
mitigate risks that might compromise success of an SOA solution.
The specifications and standards described in this document can be used
together in many complementary ways. An excellent example is incorporating
the use of modeling techniques into an SOA project by using SoaML in concert
289
290
291
292
293
B.
The
SOA
Manifesto
[This
content
is
currently
in
development.]
This content is currently in development.
294
295
296
297