Service Oriented Architecture (SOA) Design

return orientated architecture (SOA) fictional characterIntroductionObjectiveThe goal of a return Oriented computer architecture (SOA) is to achieve re working(a) assets in an agile manner that is aline with the line of descent need of the brass fraction.The SOA Reference Architecture bids guidelines for qualification architectural and murder finales. To that residual it serves as a blueprint for creating or evaluating a answer architecture for different groups deep down the organization. In addition it provides insight and patterns for consolidation the different elements of an SOA as illustrated by the different layers of an SOA.An SOA Reference Architecture is forgeed to answer some of the spot questions and issues encountered while developing a resultant role such(prenominal) asWhat argon the aspects of an SOA as expressed in scathe of layers that need to be considered when intentioning final results ground on SOA principles?What argon the building blo cks needed to admit in each layer of a solution?What are some of the secernate architectural decisions that need to be do when designing a a solution that is based on SOA?Which roles in a project would benefit from using these principles and guidelines?To answer these questions this cata recordue provides the side by side(p)Establishes a viridity dictionary and set of definitions for returnss and SOA.Identifies the different functions of an SOA execution of instrument and define their interactions with each early(a) and with functions after-school(prenominal) the scope of the Rufus plat shit.Provides SOA guiding principles.Defines accordant design and carrying into action crossways aids.Shows when and where to single-valued function SOA technologies.Supports SOA governance.Provides an architectural based design methodology.OverviewThis document presents the layers, building blocks, architectural and design decisions, patterns, options and the separation of concerns needed to design or evaluate an SOA architecture.The architecture consists of multiple comp singlents which are divided into the pursuit categoriesQuality of assistance (QoS)certificateConsumer military control Process desegregation functionInformationInfra social structure disposalMonitoring ManagementCenter of virtuousness (COE)Design Time ElementsComponent ViewDesign Time ElementsDesign-Time Activities are the technical activities, guidelines, and deliverables that allow for everyday development within the SOA and Integration Architecture. Including suffice Modeling and Design introductory Data Modeling polity stipulation advantage Assembly expediency adjudicateing swear out IdentificationService Lifecycle ManagementService Modeling and Design go must be lessoned and designed to sign an extensible plug-and-play model by beingReusable So that other(a) run leverage an quick Service.Composable So that a Service nominate leverage other go.Interoperable So that go s queeze out work with each other.Discoverable To fend for localisation principle independence.To substitute the above qualities, each Service (except for Data and Utility Services) needfully to cave inA well- delimit Service Contract To enable bountiful couple by hiding low-level holdation details from Service Consumers. slash-based vane Services achieve this by specifying a WSDL port wine with XML-based document exchange. delayful meshing Services define a contract with HTTP input signal parameters and JSON/XML-based responses.Coarse-grained So that operations have enough entropy to load d avow out all tasks in a stateless manner.Stateless operations Statelessness (i.e., not maintaining state between invocations) enables a Service to be reused in m both contexts.A way to handle Exceptions to notify its caller if at that backside are problems carrying out an operation.To run across that each type of Shared Service is designed and implemented in a uniform manne r, a SOA Governance team should create SOA Best Practices documents for Service Design, entanglement Service Design, and XML core Design in Designers Guides (i.e., working agreements). Topics would includeService judicial admission and DesignInterface (including Canonical Data model for messages detect division 3.5.2)Policies (see section 3.5.3)SLAs (Service Level Agreements)A description of what the Service doesA description of the Services operations.Best practices for each type of Shared Service ( credit line, Common, Data, Integration, and Utility).Examples showing the expiration between Service-Oriented Design and Object Oriented Design.How to develop a whip weather vane Service (and handle Exceptions).How to develop a RESTful net Service (and handle Exceptions).Canonical Data Modeling (XML)Many organizations have several autonomous packaged and custom developments that have evolved independently of one another(prenominal). Many times, each system has become a system with its own implementation methodology, culture, outgrowthes, concern rules, and vocabulary. Many companies face the problem of using the strain data to enable exercises to communicate in a distri justed systems milieu.Organizations design Canonical Data Models (CDM) to help analyze the message exchange within the organization and with their trading partners. Data is embedded in the basic architecture of any organization. To develop the CDM, an organization must inventory furrow concepts and map the vocabulary into fundamental assembly line concepts. The CDM provides a framework for integrating the disparate equipment casualty for each line of business. The CDM is a catalog of neutral terms specify in an XML Schema, includingEntities in the business domain (e.g., Order, Customer, and so forth)Agreed-upon data structures so that a domain element has a single, common definition.Formatting rules.A CDM defines an organizations data in motion the XML messages exchanged betwe enServices within an attempt.An opening move and its outside(a) trading partners. Many industries have an industry standard (e.g., ACORD, for Insurance, or EDRM for e-Discovery) to define core concepts and define data exchanged between companies.A Canonical Data Model provides the following benefitsAn enterprise tin good exchange data with its business partners.An enterprise can adopt a single onset to exchanging data across all servings the enterprise.The canonical model helps define the interface for each Service (thus hiding the structure of the physical data in the database).Changes to the canonical data model are required only when an entirely in the altogether business concept arises.Policy SpecificationPolicies provide improvement-level meta-data to Web Services consumers. Specifying these policies is an important step in Web Service design, and this is accomplished by attaching policy expressions to the WSDL. Specifically, these policies include hostage measuresT ransport ProtocolAlgorithm (RSA, etc.).Messages credentials/AuthorizationLevel of Service (e.g., Silver, Gold, Platinum, etc.). For example, a Platinum customers breaker points execute on best-provisioned server for better carrying into action (but also at a higher price). cognitive process For example, send notifications if mental swear out for a particular servicing dips below the promised SLA.Auditing For example, begin auditing when a particular serve consumer invokes an operation on a Service.Service AssemblyA channel Analyst first develops a phone line Process draw (using BPMN Business Process Modeling Notation) to model a business exhibit at a business/requirements level. Then, designers and developers create a runtime model in either BPEL (Business Process Execution Language) or JBI (Java Business Integration) toAssemble animate Shared Services into a Business ProcessEnable a BPMS intersection point and/or ESB can run the business process.Designers use MEPs (Message-Exchange Patterns) to model the runtime characteristics of a business process. Typical MEPs includePipes and FiltersContent-based RouterRecipient Listtelegram TapDynamic RouterThese patterns are gaining in popularity and many of the untesteder ESB and BPMS products support possible MEP models. Please see the following for further infoEnterprise Integration Patterns Home PageEnterprise Integration Patterns, Gregor Hohpe, Bobby Woolf, et al.Service scrutiny approximately Shared Services entrust be implemented as Web Services, and it is important to create a Test-Driven Development (TDD) approach to Web Services development becauseDesigners and developers need early feedback on the design, functionality, us superpower, and comeance of each Web Service.QA forcefulness need to be able to hear Web Services. boilers suit quality is very important because each Web Service could be used by multiple consumers.Service Testing includesInspecting Web ServicesDocumentation Gene rating HTML documentation from the Web Service interface.Debugging Show strap/HTTP requests that are sent received over the wire.Invoking Web ServicesGenerating Web Services requests from WSDL to set the Web Service.Simulating/Mocking Web ServicesGenerating building block Tests based on the Web Service interface.Functional/Performance Testing Web ServicesSimulating load conditions.Reporting on performance below load conditions.Commercial products includeEviware soapUI ProiTKO LISAOpen Source products includeEviware soapUI Community EditionWebInjectPushToTest TestMakerPoints to Ponder (for Evaluation)Does the product support both guck and RESTful Web Services? How?Does the product enable you to view SOAP/HTTP messages over the wire?Does the product have a good/usable Web UI to make it easy to test?Can a QA/tester use the product without developer intervention?What level of SOAP, WSDL, and HTTP does the product support?Does the product support an Agile/TDD approach with Unit Tes ts and Mocking?Does the product dumbfound Unit Tests to support Continuous Integration?Can the product pattern load conditions and report on performance/scalability?How much setup is compound?How does the licensing work?Service IdentificationService Identification is one of the key steps in designing a Service-Oriented solution because it defines and identifies high-level Business Services by using the following the following approachesTop cut outAnalyze and model business processes.Design new Services that enable the tasks and activities in the business processes.Bottom UpService-enable existing and applications systems.Create business processes from the Services.Middle OutAnalyze and model business processes.Catalog existing applications and run.Determine which can be Service-enabled.Create Service Adapters.Map tasks and activities from the business processes to existing Services.Create new Services to fill in the gaps.A Middle-out approach is recommend because it takes the b est parts of the other approachesThe bottom-up approach creates isolated silos that dont align with the business.The top-down approach takes a long time, and the enterprise cant postponement for every business process to be specify in order to begin designing and developing Services.A agree approach takes into account the need for timeliness, but also instills enough counterbalance to design Business Services that match up with the goals and objectives from the Business Architecture byTaking a first cut at the Business Services from Marketing materials and meetings with the CMO and other business stakeholders.Starting with only a few Business Processes.Driving toward a thin/vertical excision of functionality based on the business processes.Service Lifecycle ManagementService implementations are software like any other software module or application. As such, they go finished a similar lifecycle. The service lifecycle is show in the following diagram.The lifecycle starts with Service Identification. Services are part of to a greater extremity general business processes. As such, new operate are unremarkably identified by the design of a new business process. This is not the only way that new function are identified neertheless. sometimes services are identified as part of portfolio instruction. This involves analyzing the requirements for a service across the breadth of the enterprise. The level of analysis required for this type of appellative is difficult to gauge and therefore CIBER does not recommend using portfolio management for service discovery at this time.Once a service has been identified, it follows an repetitious development process. Iterative processes use the feedback from subsequent phases to make corrections in previous phases based on lesson learned or issues that whitethorn rationalize up. Services are part of a greater distributed system however and any changes made can have an impact on other development efforts. Therefore it is important to be mindful of the effect change can have even during development of a service.The Service Specification and Design phase green groceriess at a minimum the specification for the service interface. This interface specification includes the semantics and data that the service supports. This represents the contract between the service and its consumers. Diligence should be applied to the design of this interface as changes to the interface have the greatest impact to subsequent phases. Changes to the service interface can impact both clients that may be actual in parallel, implementation of the service, as well as test plans that have been implemented to test the service. This does not mean that a service interface must never be changed once it is designed. Designs are not perfect and in todays IT environment it is not always possible to take the time required to produce an interface definition that is ideal. Therefore it is prudent to put processes in place that ta ke into account that service interfaces may change. Whenever implementing a service take into account that the interface may change to the extent possible to sully the impact of that change. This also applies to the implementers of consumers of the service. In some cases, consumers may want to wait until the service has been through with(predicate) some number of rounds of interrogatory before scratch line their implementation. This allows for some experience to be developed with using the service thereby (hopefully) minimizing the possibility of change to the interface.Once the service has been designed it proceeds to the Service Implementation phase. In this phase the service will be developed based upon architectural standards developed by the university OIT group. Any issues encountered trying to implement the design of the service should be fed back to the designer in order to refine the design if necessary.Finally, service need to be tried before being deployed into proc eeds use. Testing of services involves four autochthonic empyreans of focusSecurity interrogatory is essential to assess the risk of a service with believe to vulnerability, data privacy and data integrity. Tests need to be developed to test boundary conditions which can assess the robustness of the service handling inputs outside the range of anticipated values. Tests should also be created that ensure the service performs as expected based on the roles as defined within the system.Type of TestingDescriptionFunctionalThis area of testing focuses on ensuring the service performs its function according to the requirement of the business process it support. Automated test suites should be developed to perform regression testing to quickly verify functionality during the life cycle changes that may occur.PerformanceThis area of testing focuses on performance characteristics of the service including measurement of time to perform the service and load testing of the service. The outp ut from this type of testing forms the footing of downstairsstanding how to configure and deploy the service in a production environment.InteroperabilityThis area of testing ensures the service adheres to its service specification. Early identification of interoperability issues is key to integration of the service through exposure to university partners and clients. This type of testing is oddly important when the service interacts with multiple data sources and/or systems.SecuritySecurity testing is essential to assess the risk of a service with regard to vulnerability, data privacy and data integrity. Tests need to be developed to test boundary conditions which can assess the robustness of the service handling inputs outside the range of anticipated values. Tests should also be created that ensure the service performs as expected based on the roles as defined within the system. reasoning backwardOne of the to a greater extent important types of testing related to usage of serv ices is regression testing. The more applications that depend on a given service, the more impact a change to that service can have on the environment. As such, when changes are made to services, regression testing must be undertaken to ensure that the service not only supports new or updated functions but all other functions upon which the service relies.Table 1 Service Testing TypesOnce the service is ready it is deployed into production use. At this point the service enters the maintenance cycle as opposed to the development cycle. Services in production sometimes require change. The change may be out-of-pocket to a defect in the system or a request to add more functionality to the service. It is important to understand how this change should be handled based on its nature.Defects that are a result of a fault in the underlying implementation of the service and do not change the expression of the service may be handled by a Defect remedy process. In this case it is desirable t o apply a fix as quickly as possible to the existing service as it may be affecting multiple university processes and causing a disruption to the universities ability to perform its function.Changes that modify the behavior of an existing service or its interface are best handled by identifying a new service or a separate version of the service. In this scenario versions are really new services that are separate from the original. Taking this route minimizes impact on consumers using the original service but can cause a proliferation of services within the enterprise. This may not always be desirable however and some effort should be put into defining conditions under which an existing service in production may be limited (for instance, only one business consumer is affected and the change is well understood). This should be documented so that everyone understands the conditions and ensure that changes are handled in a reproducible manner.Service Withdrawal is the final step of the lifecycle. Eventually services will start ballooning (especially when changing production services leads to the creation of new services) and some services will stop being used. Removing service can be problematic as a service may support multiple business process owned by different colleges and departments. A procedure necessitate to be adopted to define and orderly coitus interruptus of services from the system. Such a procedure may start with disapprove the service (with a note explaining why and some suggestion as to another service to replace it). Secondly, services can be monitored for use and the consumers identified. Finally, if the service is still being used the consumers should be contacted to discuss a solution. This should result in establishing a schedule for the consumers to switch over to another service so that the service may be withdrawn.Consumers of a deprecated service may not have incentive to change. Making changes requires effort and by chance some risk to the consumer. This needs to be recognized when seeking collaborationism from consumers to switch over to another service. In this case it will be necessary to be creative in coming up with a common understanding of the benefit of switching to a newer service so the deprecated one may be withdrawn.Center of Excellence (COE)An online community to move over the SOA Vision.Educate IT and business staff on SOA.Communicate SOA best practices. clear up feedback on how to adapt the SOA Governance process and overall SOA program.Provide support advice for new and ongoing SOA implementations.Provide SOA ResourcesBooksWeb SitesIndustry StandardsQuality of ServiceLoggingMost applications and systems use some form of logging that stores messages to a persistent medium (DBMS, file, etc.). Logging provides the following benefitsTroubleshooting Applications log errors upon failure, and system personnel use this schooling to repair the problem.Reviewing System personnel examine log messages t o check for problems.Auditing Security personnel can review log messages to see what actions a user performed in the system.Debugging Developers generate log messages to debug their programs. identity ManagementIdentity Management is the ability to identify a requestors (person or system) true identity and relationships between people and organizations (groups). The current policies and level of enforcement are expected to continue into Managed Services by using Microsofts Active Directory as the source for identity management.ConfidentialityConfidentiality assures that during carry of the data it was never visible, get atible or viewed other than by authorized recipients.There currently is no vivid Energy or Smart Grid requirement to secure messages for Confidentiality.AuthenticationAuthentication is also done within Microsofts Active Directory and adds authorization policies to the substantiate identity.AuthorizationAuthorization is currently done at the application level. i nside Managed Services (stage MS3) authorization will be performed to determine whether the requestor (person, application, service) is authorized to admittance the requested service, data and even the Managed Data Repository.Integrity / Non-repudiationIntegrity requires that during transport and even as read by the sender there were no unauthorized modifications of the content of the message.Non-repudiation assures the sending service that the receiving service has received the intend message. Current Smart Energy and Smart Grid projected needs do not require message Integrity, but for sensitive messages (time, confidentiality, event, or priority) there is Non-repudiation.ConsumersService Consumers are the end consumer/user of the services provided by an enterprise. The consumer has the flexibility to process and display useful and relevant training provided by Services. Service Consumers access Services through a consistent interface (or contract) opened by that Service. Servic e Consumers can beUser InterfacesB2B ApplicationsBusiness ProcessesUser InteractionUsers can access enterprise services through variety of mechanisms, including penetrations, meshing meshworksites, or PDAs. A electronic network site provides a web-based interface to enable users to perform daily, job-related tasks. A web site leverage the services created provided the organization, as a part of SOA implementation, and do not operate any business logic themselves. The site seamlessly integrates with back-end services (using SOAP/WSDL, REST/JSON) and business processes. The site can be secured by global security policies, but also can include role based hallmark that limits access to only relevant information making it easier to manage.A Portal is a web site that enables users to access passing personalized information and services. It can increase the productivity and effectiveness of employees within an organization through a consolidated view of usable services and informa tion. Typically the site is highly interactive, allowing the user to run a wide-cut variety of tools and functions such as, global search queries, and custom dashboard and progress business scholarship tools. Portals provide a unified entry point to the organization and provide common look and feel all across applications. Portals form the mien end for business processes and custom applications created as complex applications. The site can also be utilized to mash-up other applications or services from third party sites. Wikis, Blogs, RSS feeds, and content can all be made available within the site.A PDA enables mobile users to access enterprise services. wish sites and portals, a PDA has no business logic of its own, but it allows the end user to interact with back-end services by seamlessly accessing the Web Services exposed by an enterprise. However, a PDAs interface and functionality is much more limited than that of a web site because of display and memory constraints.B2B ApplicationsAn organization normally collaborates with external business partners such as suppliers and customers to achieve its business objectives. An external partners B2B application (e.g., a web site or portal) will invoke a Web Service exposed by an enterprise, which in turn executes business functionality on behalf of the client.Business ProcessesA Business Process codifies and streamlines the rules, practices, and business s activities in an enterprise. Business analysts create Business Process Diagrams using the industry-standard Business Process Modeling Notation (BPMN) to document a set of twin(a) tasks and activities that lead to an organizational goal. You can think of a business process as a graphical representation of a Use fictional character (RUP) or User Epic (Agile / Scrum) in that it shows normal and alternate flows along with exceptions encountered during processing. In SOA, a business process coordinates the business services (see section 3.2.1) developed by an enterprise. SOA architects and developers derive business services from the tasks and decision points in a business process diagram.Business logic is used to form business flows as parallel tasks or sequential tasks based on business rules, policies, and other business requirements.Examples of Business Processes includePurchasing a productTime Entry / ApprovalBillingService ProvisioningFor information on tools and products, please the Workflow / Orchestration section (3.4.5).Collaboration ServicesPresentation ServicesPresentation Services define a common set of services to manage interaction with users or trading partners (to the extent this second interaction is needed). Presentation services are provided by web servers, portal servers, and application servers that provide the capability to quickly create the look end of business processes and composite applications to respond to changes in user needs through channels, portals, rich clients, and other mechanisms. Presentation services integrate with other foundational services, such as security (e.g., single sign-on).Users can access enterprise services through variety of mechanisms, including Portals, web sites, or PDAs. A web site provides a web-based interface to enable users to perform daily, job-related tasks. A web site leverage the services created provided the organization, as a part of SOA implementation, and do not contain any business logic themselves. The site seamlessly integrates with back-end services (using SOAP/WSDL, REST/JSON) and business processes. The site can be secured by global security policies, but also can include role based authentication that limits access to only relevant information making it easier to manage.A Portal is a web site that enables users to access highly personalized information and services. It can increase the productivity and effectiveness of employees within an organization through a consolidated view of available services and information. Typically the sit e is highly interactive, allowing the user to run a wide variety of tools and functions such as, global search queries, and custom dashboard and advanced business intelligence tools. Portals provide a unified entry point to the organization and provide common look and feel all across applications. Portals form the front end for business processes and custom applications created as composite applications. The site can also be utilized to mash-up other applications or services from 3rd party sites. Wikis, Blogs, RSS feeds, and content can all be made available within the site.A PDA enables mobile users to access enterprise services. Like sites and portals, a PDA has no business logic of its own, but it allows the end user to interact with back-end services by seamlessly accessing the Web Services exposed by an enterprise. However, a PDAs interface and functionality is much more limited than that of a web site because of display and memory constraints.BI / ReportingBI (Business Intelli gence) / Reporting provides a high-level view of KPIs (Key Performance Indicators) to business stakeholders to enable them to make decisions and manage the business. Examples of KPIs includeEfficiency of business processes.Job Costing.New customers acquired.Sales information by demographic (age, ethnicity, geographic region, etc.).Churn / turnover of accounts by demographic.A BI product uses the information stored in a Data Warehouse to present it to the user. A BI tool (such as Business Objects) uses Key Performance Indicators (KPIs e.g., sales conversion rate, in-force polices, market penetration, for example) to report on data, identify trends, perform data analysis, etc. to enable business users to make decisions and operate the business as expeditiously as possible while advancing a business strategy.BI increases business agility and shortens timeframes for decision-making. It gives companies the ability to identify and anticipate opportunities represented by seemingly unrela ted events. It is a key enabler of strategic and tactical decision making.Commercial products includeIBM COGNOSMicroStrategyO