Adopting, designing, and governing SOA well

SOA Best Practices Digest

Subscribe to SOA Best Practices Digest: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get SOA Best Practices Digest: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


SOA Best Practices Authors: Jason Bloomberg, Hollis Tibbetts, Pat Romanski, Liz McMillan, Lori MacVittie

Related Topics: SOA Best Practices Digest, SOA & WOA Magazine, SOA in the Cloud Expo, Microservices Journal

SOA & WOA: Article

SOA in the Cloud - Monitoring and Management for Reliability

Organizations looking to reduce integration costs are increasingly adopting SOA to maximize to maximize their IT investment

  • Oblix offers COREsv as a comprehensive management product for Web services. The key components of COREsv are a policy manager, policy gateways, policy agents, and a policy dashboard. The policy manager of COREsv extends the identity management process of user-to-application interaction to application-to-application interaction and provides graphical tools to build security in these interactions. Policy gateways act as proxies that intercept inbound requests and implement policy steps in a non-intrusive manner. The policy agents plug directly into a Web service providers toolkit providing a more fine grained control over an application's operations than a gateway. The monitoring dashboard is a graphical tool that collects and displays data from the agents and gateways and executes rules that notify or correct problems based on the data. Oblix provides a custom built agent for TIBCO's Web service tool, BusinessWorks.
  • Actional's Web services management product is "Looking Glass." Its essential components are an enterprise management console, an SOA planner (for analysis and planning) a customizable portal for service and SLA monitoring, and a management and policy server. Looking Glass provides "Service Stabilizers" that can be configured to define compensatory actions in case of failures so that the anticipated or known problems can be automatically handled. A root-cause analysis mechanism in Looking Glass provides a more comprehensive insight into failures and obviates the need to mine log files. Looking Glass excels in both monitoring and management.
  • AmberPoint's AmberPoint Express provides logging, auditing, testing, exceptional handling, and a security mechanism for managing the Web services. Defining service-level objectives is the key to configuring the Web services for monitoring and management by Express. Analogous to the service stabilizers in Looking Glass, the product provides the capability to define compensatory transactions for service level agreement violations.
  • Ensemble by Infravio uses contracts as the metaphor for defining relationships between the SOA provider and consumer. All the monitoring and management actions in the pipeline are terms in the contract. The product provides most of the management functions like logging, reporting, load balancing, versioning, fail over, authentication, and authorization. Ensemble is a management-heavy tool.

It is expected that some of the WSIs will be overtaken by the Web service development toolkit providers like IBM, TIBCO, BEA, and Microsoft in the future as these vendors reinforce their offering of Web services development tools with a management and monitoring stack.

Standards to the Rescue
A number of standards are emerging aimed at improving the manageability and reliability of Web services. These standards address some of the problems intrinsic to the HTTP protocol that make Web services unreliable.

  • HTTP Reliable (HTTPR): An extension of the HTTP/1.1 protocol that offers reliable delivery of HTTP packets. Reliable delivery is "Exactly once" delivery of a message from the client to the server. If the delivery fails the protocol handles the retransmission of the message or reports the delivery failure reliably. A persistent storage is required to store the messages for retransmission. The concept of reliable delivery has been widely used with great success in the messaging world by MOM providers such as TIBCO and IBM. The design of the HTTPR protocol is still a work in progress administered by IETF (Internet Engineering Task Force).
  • WS-Security: Ratified by OASIS as a full-fledged standard in April 2004. The specification proposes a standard set of SOAP extensions that can be used to build secure Web services by providing message integrity, confidentiality, and authentication. WS-Security can be used with a wide variety of encryption technologies. It is designed to be extensible.
  • WS-Reliability: A SOAP-based protocol for exchanging SOAP messages with guaranteed delivery, no duplicates and guaranteed message ordering. It is defined as SOAP header extension and is independent of the underlying protocol. The specification contains a binding to HTTP. There can be four different types of reliable message contracts:
    - Guaranteed message delivery or At-Least-Once delivery semantics
    - Guaranteed message duplicate elimination, or At-Most-Once delivery semantics
    - Guaranteed message delivery and duplicate elimination or Exactly-Once delivery semantics
    - Guaranteed message ordering for delivery within a group of messages

    Routing of messages and transactions is not within the scope of WS-Reliability. The ordering of messages is based on a group id and sequence number. The choreography of "exactly one" and "in order" delivery of message proposed by WS-Reliability holds greater promise than the protocol level reliability enhancements of HTTPR.

  • Web Services Distributed Management (WSDM): WSDM is an OASIS effort and the WSDM technical committee is working closely with the Web Services Architecture Group and the Distributed Management Task Force (DMTF) to incorporate the management work completed by these committees and develop the model of a Web service as a manageable resource.

WSDM and WS-Security are the two key protocols that will influence how we manage Web services in the future. WS Reliability is an effort to boost the reliability of the Web service by defining the QoS in the service call. The underlying protocol should be able to handle the QoS reliability requirements.

Build or Buy?
Chances are that most organizations won't need a comprehensive management solution to Web services. If your deployment hits critical mass (more than 20-30 Web services), you need to evaluate using a monitoring and management solution. The choice is between supplementing what the development toolkits offer with a planned and consistent code base that lays the foundation for management and monitoring or using one of the WS's. Using WSIs can cause some performance degradation in high volume, small message size situations. With larger message sizes, the compression feature offered by WSIs reduces the latency. The graphical nature of WSIs, drag-and-drop tools, and intuitive thinking to configuring contracts or service levels makes the task of monitoring and management easier.

A number of technical committees have been formed to address the deficiencies in monitoring and managing Web services. The future looks much better, especially with the Web service providers planning support for what the technical committees recommend. The monitoring and management services that a Web service provider will offer will serve to differentiate its product from competitors' products.

More Stories By Rajiv Totlani

Rajiv Totlani is an enterprise integration architect with TIBCO Software. He has designed EAI systems using TIBCO?s Messaging, Web Services and J2EE Connector architecture for many of TIBCO's fortune 500 clients. Prior to joining TIBCO, he worked for SABRE in the Airline Software Solutions group where he was responsible for managing their Day-Of-Operations software products.

Comments (2) View Comments

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Most Recent Comments
brutus9448 07/27/09 02:51:00 PM EDT

Please take a look at a product we are using for Service management and security called JaxView. It is more cost effective and just as comprehensive of any of the products you have in your list. Worth a look

alaghili 07/23/09 09:39:00 AM EDT

Take a look at Web services monitoring and management tool called JaxView. Its cost-effective and very comprehensive