Академический Документы
Профессиональный Документы
Культура Документы
Service Virtualization
Service Virtualization
ABSTRACT
Load balancers, name servers (e.g. DNS), even stock brokerage services are existing examples of virtual services in the worlds of networking and financial services. In the arena of Service Oriented Architectures (SOA), virtual services and their supporting abstraction layer are critical to address the operational, integration,security and life cycle issues that delay and derail SOA deployment and success. This paper will introduce the concept of virtual services for SOAs and provide details of the characteristics of virtual services that enable SOA success.
WHITEPAPER
Contents
Virtualization and Abstraction................................................. 3 Stock Brokerage Services3 Networking Services3 So What is a Virtual Service?..................................................... 4 The Promises of Service Oriented Architecture...................... 4 Loose Coupling at least a minor grail5 Change Happens....................................................................... 5 Service Versioning6 Service Retirement6 New Versions of Standards6 Optional Subsets within Standards6 Increased Sophistication and Governance Requirements7 Every Service Consumer is Different7 Geographical Constraints7 Legacy Implementations8 Virtual Services ......................................................................... 8 Service Abstraction Layer......................................................... 9 Addressing and Location 10 Routing and Filters 10 Data Hiding and Privacy 10 Security Mechanisms 10 Mapping and Translation 10 Transport Mediation 10 Load Balancing and Failover 10 Virtual Service and Policy Control of Application Systems 11 Adding SOA Components....................................................... 11 Getting Started with Virtual Services.................................... 12 For More Information.............................................................. 12
Service Virtualization |
WHITEPAPER
Service Oriented Architecture and Web Services represent a significant opportunity to develop business systems that can adapt to business requirements in a timely and effective manner. However, operational characteristics of real SOA deployments may derail much of the expected return on investment. Service virtualization addresses the critical operational, integration and life cycle issues that can derail or delay Service Oriented Architecture implementations. Without addressing these issues through service virtualization and its supporting abstraction layer, many of the benefits of an SOA are constrained at best and at worst, may not be achieved at all. This white paper is part of a series describing policy, deployment and operational issues and solutions associated with Service Oriented Architectures and Web Services. The overview paper, Architecting the Infrastructure for SOA and XML provides a useful introduction to the broader topic areas.
make recommendations about the likely direction that future trading will take. In this analogy, stock exchanges provide concrete or implemented services; the broker provides a virtual service; and the additional values that we derive are provided by the abstraction layer provided by the stock broker.
Networking Services
Virtual service examples that we are familiar with in the networking world include services such as name servers and load balancers. A name server (e.g. DNS) allows a network node to maintain a known stable name by which it accessed by even when its network address is changed. Changes to the address or location of the node are concealed from applications using the DNS name to access a network node. Application developers do not need to understand how the network infrastructure works, and are not required to include additional complexity in
their code to handle exception events or provide configuration and management. The virtual service is the exposed or published DNS name of the network node, while the implemented service is the physical node being accessed. The abstraction layer provided by the DNS includes value added capabilities such as caching to reduce the cost of name translations. Similarly, a load balancer exposes a single virtual instance of a server identity while supporting multiple instances of the implemented server. The load balancer abstraction layer then provides additional value by distributing the load for the virtual service in various ways across implemented services, or providing fault detection and failover to handle loss of an implemented service. In each of these cases, there is a virtual or exposed service that we interact with (generally through a publication or discovery process), and then instances in various forms of the actual implemented service that supply the physical service. In
Service Virtualization |
WHITEPAPER
addition, in each case, there is an abstraction layer that provides the logic that handles change, or adds value on top of the originally exposed service. The naming service abstraction layer simply makes and distributes changes in addresses. The load balancer abstraction layer takes care of load distribution, fail over and fault detection.
per published interface basis, and may be changed dependant on the associated service consumer needs. A virtual service and the supporting abstraction layer effectively create a container or policy enforcement point where policy can be used to select appropriate options that deal with the variability across service versions, supporting platform implementations, trust domains and organizational structures.
1 It is important to note that the service contract describes the application level interface requirements. This will often be defined using a WSDL description. However, there are many underlying components of the XML stack that are not expressed in this form. Some of these are likely to be covered as various derivatives of WS-Policy are created, but many integration and interoperability challenges will remain for some time to come.
Service Virtualization | 4
WHITEPAPER
they are implemented, but rather how many times a particular service is reused. The high level of reuse of services leads to speedy development of new business systems and in turn to support of business agility. The ultimate goal for many architects implementing loosely coupled services may be measured by the ultimate amount of unexpected or unplanned reuse of a service. An effective, loosely coupled service, deployed at the right level of granularity can be expected to be leveraged in ways that the original designer had not conceived of.2
Change Happens
Loose coupling principals are extremely valuable at the level of an individual service. However, in the process of building a fully operational application system from Web Services, there are many other types of change that must be facilitated, including:
UDDI
Service Contract
Service Consumer
WSDL
WS
DL
Service Implementation
Service Interface
Figure 1 Loose Coupling - Service Interface and Implementation Separation
2 Of course there are security, governance, privacy and a host of other issues that must be resolved in real deployments that constrain this view. However, the value of virtual services and their policy driven abstraction layer is that an enforcement point is provided where control can be maintained and monitored.
Service Virtualization |
WHITEPAPER
Service versioning Service retirement Introduction of updated standards Selection of optional subsets within standards Increasing sophistication and governance requirements Varying service consumer needs Different geographical constraints Integrating legacy implementations
a provider wishes to retire. This leads to an increased support burden on the service provider. To handle this challenge, it must be possible to verify the collection of consumers that may be using a service. Logging and monitoring capabilities in the abstraction layer should provide this information for administrative tracking as well as auditing and compliance reasons. A phased retirement requires that users of older versions be routed to newer versions, with appropriate semantic and syntactic transformations applied as appropriate. Where automatic translation can not be performed, or to handle requests to a service that has been put through end of life, appropriate error responses need to be returned to the service consumers by the abstraction layer.
Service Versioning
Over time, any given service interface is likely to be enhanced or require changes. Current logic says that a new service definition or version can be declared, published to a repository such as UDDI and then located dynamically by the service consumer and then a connection established. However, for many deployments, the location or selection of a web service is done at development time, not run time. This means that the service consumer needs to be recompiled, tested, QAd and deployed in order to deal with changes in the interface. For the provider of the service there is also a growing problem. Multiple versions of an interface and the supporting implementations now have to be supported. It would be preferable in many cases to support multiple virtual instances of a service that map back to a single deployed service interface and implementation. In this case an abstraction layer would handle mapping and mediation and transformation activities to handle the differences between versions. In addition, it would handle filtering on service addresses or message contents and routing messages to the appropriate implemented service.
Service Retirement
As reuse of services becomes more common, the collection of consumers utilizing a given service will grow. Particularly where the consumers are not directly under the administrative control of the provider of the service (e.g. partners, customers, or users from other business units) it is difficult to control how quickly such consumers are moved off early versions of a service that
Service Virtualization |
WHITEPAPER
exchange patters, protocol bindings, or dozens of others. Negotiation of optional subsets will be assisted over time by the WS-Policy framework, but there are many such choices that need to be managed and not enough support at this time. Further, the decisions as to what subsets are negotiated under what sets of criteria should be a policy decision, not left to individual implementers. Polices will change over time, and the next collection of service consumers may require special handling. The service abstraction layer provides a well defined location where policies can be established or modified. As such it also provides a valuable location for monitoring the application of the policy for operational and auditing purposes.
infrastructures. In most cases, this can be handled without changing the implemented service.
Geographical Constraints
For enterprises operating across many geographies, compliance with regulatory requirements can be challenging. Specific regions such as the European Union place particular privacy and other regulatory requirements on the information that is transferred out side of EU countries.
Service Virtualization |
WHITEPAPER
An abstraction layer should provide the facilities to filter and then obfuscate, remove or remap private or sensitive information as it is transferred across these geographic boundaries. This processing may be required on behalf of services offered within a geography to consumers outside of it, or on behalf of consumers with similar requirements.
forward or long lived transaction models supporting ebXML) or FTP (for transfer of large data sets or attachments) is occurring. In, addition, the usefulness of web services deployments is often dependant on effective integration with other infrastructures such as data repositories, enterprise service busses, message queues and identity and access management systems. An abstraction layer should handle the mediation between the various protocols, handling buffering for store and forward mechanisms and integrate with other required supporting infrastructures.
Legacy Implementations
Finally, Web Services and the support of SOA has been evolving over the last five years. There are many implementations of XML over Message Queues (MQSeries, JMS etc.), or XML documents sent in raw HTTP payloads. SOAP itself has been progressively moving from RPC to document oriented mechanisms as a preferred messaging model. Progressively more sophisticated message exchange patterns are beginning to appear. The division between architects and implementers who prefer RESTful as opposed to SOAP based Web Service continues. Adoption of a wider set of protocols such as SMTP (for store and
Virtual Services
A virtual service is the exposed interface that a consumer should connect to. Many different virtual services may be deployed to meet the requirements and changes of the collection of
UDDI
UDDI
Service Contract
V3 SAML
Service Contract
Service Consumer
Service Consumer
V3 Username/ Password
V3 Service Implementation
Service Interface
Service Consumer
V1 Username/ Password
Service Virtualization |
WHITEPAPER
consumers that arise over time. The supporting abstraction layer provides the underlying policy driven mechanisms that allow virtual services to effectively provide the generality required in an operational deployment. It also handles changes in underlying standards or mechanisms to reduce or remove any impact on the implemented back end service maintainers. So, much of the magic that happens that enables virtual services lies in the domain of the abstraction layer. Simply publishing additional interface descriptions is not sufficient; logic and transformation have to be applied to marry the virtual and actual service together. Lets take a look at the capabilities and mechanisms that an abstraction layer should support.
service requirements will be defined using WSDL. However, the use of underlying support capabilities such as the versions or subsets of particular standards in use can not be fully captured at this time. A range of supporting information may be specified describing the linkages, transformations and requirements to deploy the virtual service interfaces. Examples of support information may include: Addressing and location information Routing and filters Data hiding / privacy constraints Security mechanisms Mapping and translation descriptions Transport mapping Load balancing and failover notifications
Figure 3 shows the abstraction layer and functional capabilities. Each of these is worth considering in a little more detail.
Policy Enforcement Identity & Access Control Security Load Balancing V3 Service Implementation
Service Consumer
V3 SAML
V3 Service Implementation
Filtering
Routing
V3 Service Implementation
Login Monitoring
Service Virtualization |
WHITEPAPER
The abstraction layer provides policy based control of the type of authentication credential used and when they are required, how they are mapped and what security transforms (e.g. signing or encryption) are required on particular services or messages.
Transport Mediation
For integration purposes many different types of transport may need to be tied together. Examples may include a legacy XML service that has been deployed over a message queue, or a new consumer that only support the use of XML within HTTP messages and not SOAP. The abstraction layer handles all of the issues required to mediate between the various types of transports.
Security Mechanisms
As a service is invoked by different consumers in different trust domains, a range of different security mechanisms may be applied. For example, internal consumers of a web service may only be required to provide a username and password as an authentication credential. External consumers of the service might have a choice of SAML or X.509 certificates as credentials. Internal use of a service may not require a signed or encrypted payload, but the same information moving across an enterprise boundary may require either or both mechanisms to be applied.
3 Service load balancing and failover operates at a different level to network load balancing. Service load balancing is looking to determine if a given service is operating correctly independent of the network level processing of arriving packets.
Service Virtualization | 10
WHITEPAPER
Service Consumer
Co Ser ns vic um e er
ice er rv m Se nsu Co
Enforcement Point
En
fo r Po cem in e t nt
t en em rc nt fo Poi
Enforcement Point
En
Enforcement Point
Service Consumer
Service Consumer
Service Virtualization | 11
WHITEPAPER
So virtual service interfaces and the WSDL or WS-Policy derived components may be described and published in a UDDI that is accessed by a service consumer. Service discovery would locate and identify the virtual services. SLA management would reference the service interface provided by the virtual interface defined for the service consumer. A workflow manager or business process language engine would operate on the virtual services defined. If an organization has decided that any of these supporting SOA or Web Services infrastructure services is appropriate in deploying an SOA, they continue to operate unchanged. However, all of the supporting abstraction layer benefits discussed above providing a secure, robust, and flexible system enhance these components and the SOA as a whole.
redesign, code, QA and redeploy. For operations staff, virtual services provide a control boundary for applying changes under policy control to support on-ramping new customers or service consumers. It also provides the monitoring points to identify issues that may arise or the need for additional capacity. The Reactivity XML Gateway products are designed explicitly to provide a virtual service model. The gateways provide a virtual service abstraction layer where message transformation, protocol translation, syntactic and semantic mediation and security validation and processing take place. The extensibility, speed and security of the Gateways ensures that this abstraction layer increases the value of services connecting in the SOA. Service contracts and descriptions for implemented services in the form of WSDLs may be imported from a UDDI directory or other sources, enhanced to apply specific policy requirements and then republished as a virtual service interface.
The Gateways act as policy enforcement and monitoring points to allow consistent policy application across all services and to monitor and audit application system behavior. For enterprises beginning to deploy web services, virtual services and the supporting abstraction layer allow fast deployment of early web services to prove the concepts and show a return on investments that supports the business case for continued investment and deployment of web services and SOA.
Service Virtualization | 12