www oasis-open org The SOA Journey — Deploying

www. oasis-open. org The SOA Journey - Deploying and Managing SOA, a HP IT Case Study Tutorial Anjali Anagol-Subbarao Chief Architect, IDM, Marketing and Direct IT, HP

Polling Question #1 What is your familiarity with SOA and Web Services A. Investigation phase B. Process of implementing a pilot C. Developed a Web service D. Developed a cross enterprise solution

n Overview of SOA l l n SOA Case Studies l l n SOA Web services Consumer Business Identity Management Best Practices

Pressures on the business… New Demands Customer Partner Technology Growth, profit, and value Leadership Continuous business transformation Customer satisfaction Regulation/ Deregulation Mergers & acquisitions Economy Innovation Satisfying Unpredictable Needs Business agility Competition Changing Markets Evolving Business Objectives Supplier

… result in challenges for the CIO Support rapid change Outsourcing Emerging applications Security Drive costs down Performance Improve availability Consumption-based costing Capacity Distributed systems Increase business relevance Mobility Heterogeneity Reduce complexity Improve quality of service P&L contribution Deliver services

Goals of SOA n n n Business and IT Alignment Software design derived from an intrinsic understanding of business design IT systems that enable business agility

Definition In April 2006 The Object Management Group's (OMG ) SOA Special Interest Group adopted the following definition for SOA: Service Oriented Architecture is an architectural style for a community of providers and consumers of services to achieve mutual value, that: ● Allows participants in the communities to work together with minimal co-dependence or technology dependence ● Specifies the contracts to which organizations, people and technologies must adhere in order to participate in the community ● Provides for business value and business processes to be realized by the community ● Allows for a variety of technologies to be used to facilitate interactions within the community In March 2006 the OASIS group SOA Reference Model released its first public review draft. This defines the basic principles of SOA that apply at all levels of a service architecture, from business vision through to technical and infrastructure implementation. Service-Oriented Architecture: A paradigm for organizing and utilizing distributed capabilities that may be under the control of different ownership domains. It provides a uniform means to offer, discover, interact with and use capabilities to produce desired effects consistent with measurable preconditions and expectations.

Principles of SOA ● services share a formal contract ● services are loosely coupled ● services abstract underlying logic ● services are composable ● services are reusable ● services are autonomous ● services are stateless ● services are discoverable Source: Thomas Erl; Search. Web. Service. com

SOA shifts the way we think Traditional Applications Service Oriented Architecture Designed to last Designed to change Tightly Coupled Loosely Coupled, Agile and Adaptive Integrate Silos Compose Services Detailed Abstracted Long development cycle Interactive and iterative development Cost, supply centered Business, demand centered Middleware makes it work Architecture makes it work Favors Homogeneous Technology Favors Heterogeneous Technology

Implementing Enterprise SOA: A Multi-faceted Approach

SOA Maturity Model SOA Maturity Levels Level 2 Basic Level 3 Standardized Level 4 Managed Level 5 Adaptive Business SOA Maturity Dimensions Level 1 Ad-hoc Minimal business interested in SOA Business is aware of SOA Business generally complies with SOA Business proactively supports SOA is fundamental to business operations Program Management SOA is project focused SOA efforts are BU based SOA is federated but not integrated SOA is integrated at corporate level SOA is enterprisewide and extends to partners Governance Some acknowledgement of governance issues Some governance processes, individual responsibility Gov. guidelines defined & integrated into process The value of governance is fully understood Advanced understanding of IT Governance Architecture Limited or ineffective architecture Arch. program exists and architecture is defined All IT initiatives comply with the architecture Arch. Is business driven and is auditably linked Arch. and business are executed as integrated Operations and management No mgmt of services, infrastructure elements only Mgmt of apps and infrastructure in terms of SLAs Management of business services Proactive mgmt of business svcs linked to component svcs Mgmt of business svcs integrated into biz operations Supply and demand Biz needs are all met using technology components All services are provided internally Valued-based sourcing decisions People Staff have little or no knowledge of SOA Enabling technology There is no service infrastructure in place Understanding of SOA education is is limited to IT mgmt required for all IT staff and architects SOA infrastructure is limited to exposing functionality as svcs Standardized enterprise-wide SOA infrastructure Dynamic service Services sourced from sourcing from multiple providers sources Ongoing SOA education is attended by all staff SOA is embraced by all staff and actively promoted Large scale managed SOA infrastructure Integrated, dynamic SOA infrastructure

Why an Enterprise SOA Strategy is Important n n n n Create structure around federated SOA efforts – avoid IT mavericks Provide guidance and recommendations to Business and IT teams wanting to implement SOA solutions Manage and govern the architectural landscape – planning, preparing, and applying principles, techniques, and technologies to make the business adapt to change. Manage semantic interoperability through Services Reduces integration expenses l Web based SOA reduces integration expense through standardization Increases Asset Reuse l Helps eliminate duplicate functionality l Reduces time to market l Promotes consistency Reduces risk l More control over business processes by business people Improves Business Agility l Allows the business direct control of business processes to manage rapid change

Consequences of not having an Enterprise SOA Strategy Within 2 -3 years, we’ll have… n n n n Mishmashed implementations of non-cohesive SOAs Islands of architectures – fragmented business functionality & Business Processes Vendor-defined SOA landscapes (every vendor wants to be the ‘center of the universe’) IT will spend a lot of time in the future unwinding shortsighted solutions Semantic mess – multiple applications exposing seemingly similar functionality Lots of non-reusable, un-structured services that don’t enable business processes Businesses struggle to react to change – reduced competitiveness

A common source of confusion SOA Technology and Web Services n n n One of the key reasons for the today’s focus upon SOA is the emergence of supporting technologies. SOA is an architectural approach, centered around the concept of services SOA ≠ Web Services l l l SOA can exist without Web Services can be utilized without an SOA Using web services can significantly enhance our ability to implement SOA

Web Services Standards n World Wide Web Consortium (W 3 C) http: //www. w 3 c. org n Organization for the Advancement of Structured Information Standards (OASIS) http: //www. oasisopen. org

Web Services make implementing SOA easier, but they aren’t the same Transactions Messaging Security Web Services ERP Business Services Data Services Discovery SOA Fabric (Abstraction Layer) Web Services Custom App Management Transactions SOA leveraging Web Services Legacy App Security Transactions Messaging Security Web Services Legacy App Custom App ERP Monitoring Standard architecture with Web Services

Web Services, the preferred technology for SOA n n n A web service exposes a SOAP XML (industry standard) interface and can be invoked by any client regardless of platform (e. g. J 2 EE, . Net etc. ) Ideally suited for heterogeneous IT environments (such as HP’s) to enable systems to interact in a standards-compliant, interoperable manner Web services offer the technology and SOA offers the blueprint SO Maturity Event Driven Strategic Benefit Business Component Architecture Dynamic business partnerships possible Composite Services BPA-Aligned Reuse across companies; Scaled process-to-process b 2 b Coarse Grained Reuse within the Enterprise; processto-process b 2 b Fine Grained Loosely Coupled Reuse within Organizations; Browser-based b 2 b Technology Maturity Structured Programming Client/Server & Traditional Languages J 2 EE Standards/. Net SOAP; WSDL WS-Mgmt Quality of Service WSRP WS Security Business Process Execution Language Metadata Repository

SOA Case Studies Click to edit Master title style

HP-IT Reference SOA

HP-IT Reference SOA – Standards View

E-Business IT – Significant Progress with SOA n Evolving to an SOA has been the core of Architecture Strategy n Progress to date l l l n Decouple systems and eliminate the re-integration problem Enforce greater consistency in processes and re-use Lower cost to serve Benefits l l Greater IT agility leading to better business agility Greater Leverage of investment dollars

E-Business IT’s SOA Evolution From “monolithic” solutions… Web Site A (e. g. , SMB Store) Web Site B (e. g. , Enterprise) Web Site C (e. g. , Public Sector) Web Site D (e. g. , Consumer) Function A 1 Function B 1 Function A 2 Function B 2 Function A 3 Function B 3 Function A 4 Function B 4 Function C 1 Function D 1 Function C 2 Function D 2 Function C 3 Function D 3 Function C 4 Function D 4 Function E 1 Function F 1 Function E 2 Function F 2 Function E 3 Function F 3 Function E 4 Function F 4 Function G 1 Function H 1 Function G 2 Function H 2 Function G 3 Function H 3 Function G 4 Function H 4 Enterprise Repositories ERP Content CRM Financial Master Data

E-Business IT’s SOA Evolution (2) … to “thin” service consumers that leverage web services for std processes Sites Web Services exposing standard processes Enterprise Repositories Web Site A (e. g. , SMB Store) Web Site B (e. g. , Consumer e. Support) Site C (e. g. , Retail Kiosk) Site D (e. g. , Enterprise Procurement System) Service A Service B Service C Service D Service E Service F Service G Service H ERP Content CRM Financial Master Data

Consumer Business Case Study Click to edit Master title style

IT couldn’t keep up with business demands Retail Outlet Retailer Systems hp website 3 rd party systems External Configurator, Catalog DB, interface Vendor data entry tools Core system ERP (SAP) • Not real-time • Custom developed “pipe” for each business partner was expensive to maintain • Long lead times to connect new retailers • Could not support major e-tailers

Why SOA? n Service–oriented to offer a menu of services for retailers to pick and choose from n Leverage the expertise of HP and retail partners n Interoperability with disparate systems of retailers n Standard platform to expose functions from disparate HP systems Abstracting the interface from the implementation n Reuse of services n

SOA Implementation Using Web Services Retailer systems Web services client Web services Distribute product catalog Query product info Web services layer Data repositories Core system Query order Status Validate config Place order Request price Request/Response technology (Application server) Configurator, Product catalog database ERP (SAP) HP systems Request basket transfer

Overview of SOA Solution n 4 Web services in production n 12 external partners n 1 st implementation – March 2002 n n HP’s systems – SAP, Microsoft, J 2 EE, Oracle Retailer systems –. Net, VB, J 2 EE – Web. Logic, Web Methods

Lessons Learned 1. Not all partners ready with XML; EDI has to be part of solution 2. Achieving desired performance is a challenge 3. Development time delayed due to evolving standards and technologies 4. Security and interoperability can be achieved

Results Achieved – Business Agility 1. 2. 3. 4. 5. Increased sales (see chart) Faster order to delivery time (24 hours) 50% decrease in man-months to implement new accounts Savings from closing down systems and moving to an SOA platform New revenue streams generated by offering services like Validate. Config Note: circles indicate months accounts transitioned to new infrastructure / program

Case Study: Identity Management

Overview of Customer IDM n De sig IA, gy, ate Str ce rien xpe r. E me sto er te rpora e/co rpris ente public sector cons um Cu HP. com small/medium bu s. Customer IDM provides a mission critical horizontal process and shared service for hp. com web sites subsequent site layers awareness buy use & learn support common services publishing systems back-end systems site infrastructure

Industry Leading Implementation n One of the largest IDM systems in the industry l n 35 MM users, growth rate of 700, 000/month One of the highest Available systems in HP l SLA of 3 9’s , protects sites which do business of the order of 4 billion dollars/year

Challenges for Customer IDM system • Many ways to do registration which increased cost of implementation • Non-standard protocols for authentication • Tight coupling between client and server • Only web access management • Access through different web sites which caused security issues

Custom pipes to provide IDM functionality End-User Web Browser EXTERNAL FIREWALL HP Passport Components Registration Web site Plugin -auth Web services Site Plugin-auth API DMZ Site Plugin-auth REGISTRATION SERVER INTERNAL FIREWALL Web Services App Server Cluster Policy Server DATABASE

How did we resolve the challenges n To address the HP identity and access management challenges l l l HP-IT is implementing identity services through an SOA model. Implementing registration, authentication and federation services The identity services were hosted centrally and all external facing web sites could consume these common services n Loosely coupled n Interoperable across many OS/app/web servers n Uses standard protocols n Open to services, devices

SOA-based Architecture End- User ( Web Browser ) Device Rich Client Enterprise Customers Web Service EXTERNAL FIREWALL Registration HP Passport Components Web Services-1 Authentication / Services -2 Federation Services REGISTRATION SERVER INTERNAL FIREWALL Web Services App Server Cluster Policy Server DATABASE DMZ

Identity Services Defined – Burton slide Consumers of Identity Operations Fed erat ed dom ains Applications Identity and policy administration Services Authentication Federation & Authorization Query & Update Personalization & Security Visualization Underlying Identity Components

Identity Services Defined – HP’s Identity Services of Identity Operations Consumers Fed erat ed dom ains Applications Services Authentication Federation & Authorization Federation Web services Identity and policy administration Login Validate Query & Update Personalization & Security Visualization Edit. Profile Update. Credentials get. User Underlying Identity Components Password Management

Benefits n Enabling new business opportunities l n Enabling extended enterprise l l n Identity services help bring these partners/outsourcers to have a more seamless access to HP Extended functionality beyond web access management Achieved a Cost Reduction of 50% l l l n Cross selling, up selling between SMB and enterprise storefronts Leverage Idm to reduce business costs through identity services Used standard protocols and loose coupling Support, integration costs reduced Risk Mitigation l l Security Breaches avoided as one registration, authentication service used throughout company Federation helped in maintaining regulatory compliance

Best Practices/Lessons Learned Click to edit Master title style

Best Practices Established for SOA 1. Designing for interoperability 2. Publishing enduring Web services contracts 3. Effectively using business tier systems 4. Planning a robust production environment 5. Building with Frameworks

Challenges – Web Services Interoperability n The great promise of web services l l n Reality – Creating interoperable web services is still hard l l n Service producers and consumers can use any OS / prog. language Web services standards would guarantee seamless interoperability Evolving specs and ambiguity Vendors implementing standards selectively Teams encounter interoperability issues (often discovered during later stages of testing) In some cases, caused senior management to form a negative opinion of web services, and the value of SOA in general Compiled best practices with respect to interoperability l l Compliance vs interoperability (exceptions to WS-I standards) Issues with specific vendors tools

First design the interface n n n Use WSDL editors (XMLSpy) to create WSDL (for the validate. Config service) Three abstract definitions - types, messages and port type Two concrete definitions - binding and service

Design considerations for Versioning n Leverage XML Schemas n Patterns to facilitate Versioning n Naming Convention n Deployment Strategy

Details of versioning n Using date stamp as part of the target namespace of your XML Schema. …. . n Use different end points in WSDL n Use different operations

Versioning Lifecycle 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. Build transition plan Make Changes to Service. Test new Service version Implement new Service version. Add/publish new Service version to WSDL descriptions, UDDI registries, etc. Notify known Consumers of new Service version and transition plan Run Service versions in Parallel Set Date for Retirement of older Service version Notify known Consumers of retirement Remove old Service version from descriptions, registries etc. to stop new consumers discovering and using. Remove functional behavior of old Service. Only return appropriate error message Retire old Service. Physically remove old Service version.

Key Security Elements n Secured the Web services using Transport Level Security – 2 way SSL l n Creates performance issues Now Web services can be secured using message level security - WSSecurity

Performance and Web services n • Performance numbers without SSL Performance numbers with SSL -degradation of approx 30% Transaction Name Minimum Average Maximum Std 90 Perce nt Pass AB_request 0. 578 2. 168 34. 75 2. 9 3. 928 1, 449 place. Order_reque st 3. 688 6. 367 29. 344 2. 931 9. 53 193 VC_request 0. 719 2. 172 24. 078 2. 252 3. 804 10, 080

Enhancing the performance n Identifying performance bottlenecks using HP’s OVTA

Enhancing the performance n Making XML more efficient l l l n Use s. TAX parser XML Beans for XML to Java Binding (now part of Apache open source) XML accelerators from HP Making SOAP more efficient l SOAP parsers n l BEA SOAP engine measurements showed 72% faster than Apache Axis SOAP with attachments

Frameworks support SOA n Dealing with complexity l n Standards do not specify how to deal with the complexities of designing and implementing modular, reliable, scalable and high performance services Frameworks l “Productize” best practices and provide a foundation to developers for creating services l Repeatability and consistency l E-Biz SSA framework for designing and implementing services l E-Biz WPA framework for UIs that consume services

What next for SOA and Web Services? Infrastructure to support SOA ecosystem for sustaining Business Agility Enterprise Systems Dynamic Rerouting and transformations Business Logic Security Management Web Services Lifecycle Management Business Process Management

Summary n Introduction to SOA and web services n Successful implementation of SOA architecture l l n n n Configure to Order Case Study Identity Management Case Study Lifecycle of development of Web services Challenges of implementing Web services – security and performance Best Practices

Call to action n n Check out http: //dev 2 dev. bea. com/index. jsp for BEA Web. Logic references Look at http: //openview. hp. com/bea for the Open. View Products Access DRC portal at http: //devresource. hp. com for Web services, SOA, life cycle development tips Look at http: //www. oasisopen. org/home/index. php Rest of it is in the book

J 2 EE Web Services on BEA Web. Logic l by Anjali Anagol-Subbarao

Questions

www. oasis-open. org