Thomas Rischbeck Intermediary Continuum

Founding Sponsors

This Presentation Courtesy of the

International SOA Symposium

October 7-8, 2008 Amsterdam Arena

www.soasymposium.com

[email protected]

Gold Sponsors

Platinum Sponsors

Silver Sponsors

[21.10.2008]

[©2002 ipt | switzerland germany austria] [seite 1]

[innovation process technology inc.][www.ipt.ch]

SOA Intermediary Continuum

Dr. Thomas Rischbeck2008-10-08, 10:00

SOA Symposium Amsterdam

[page 2][©2008 ipt | switzerland]

Confusion in the MarketplaceYou might know this book cover …

[21.10.2008]



MOM

IntegrationSuites

MOM: publish-subscribe, loose coupling via queues, JMS API

EAI: Adapters, promise of universal connectivity, QoS, transaction management

WS: WS-platform/management vendors; platform-independent standards for SOA: XML, WSDL, SOAP, UDDI, HTTP

APS: embedded ESB Open SourceXML appliances

MOM-basedESB

EAI

APS

APS+ ESB

XML Appliances

OpenSource

WS-PWS-M Pure-WS

ESB

Source: IEEE Computer Archeology

The Fossil Record:ESB Development Paths

RISK: Consolidation pressure putslong-term viability of vendors at risk


What is an ESB?

ESB is just a Pattern -IBM

low-cost lightweight alternative to traditional integration middleware -Gartner

A standards-based integration backbone, combining messaging, Web services, transformation, and intelligent routing (2004) -Sonic Software

IDC: The ESB is an open standards-based technology concept that will revolutionize IT and enable flexible and scalable distributed computing for generations to come.

Zapthink: „message-bus with service-oriented interfaces“

Cali-Mero Fio-Rano MOM++

EAI++

An enterprise platform that implements standardized interfaces for communication, connectivity, transformation, and security.”-Fiorano Software

[21.10.2008]



Gartner Hype Cycle


What is an ESB?

Competition

ConvergenceConsolidationCommodity

[21.10.2008]



Can ESB be standardized? The JBI Attempt …

Targeted at integrationcomponent vendorsJava-only

“Middleware for Middleware”

SunIonaTibcoOpen Source (Redhat, WS02,ServiceMix, Mule)


Vendor-specific

Services RoutingAquaLogic Service Bus

Data ServicesAquaLogic Data Services Platform

Portal TierWLP

Process Tier WLISecurity Services AquaLogic Enterprise Security

Service RegistryAquaLogic Service Registry

End-to-end Web Services Management

Order ManagementProcess

Service Integration/Routing

Billing InventoryManagement

Mainframe .Net ERPData

WarehouseOracle

Portlet Web App

ServiceRegistry

ServiceRegistry

ServiceRegistry

ServiceRegistry

[21.10.2008]



Integration

Domain

Reference Architecture

Data Exploitation

Operational Data Storage

Data Access

Business Logic

Process

Presentation

Client

Dat

aTi

erM

iddl

e Ti

er

DWH DataMart

DataBase

DataServices

Enterprise Information Integration

Business Services BRMS

ESB – Enterprise Services

Orchestration – Process Services

App / Web Server

Portal HTML

Browser Rich Client

Secu

rity

Registry/Repository

Mon

itorin

g (E

nd-to

-End

)

IdentityMgmt

Access XML Appliance Reverse Proxy

Domain Services

Applications

SharedServices

…

Acce

ss/C

lient

Tier

… …


Integration

Domain

Reference Architecture

Data Exploitation

Operational Data Storage

Data Access

Business Logic

Process

Presentation

Client

Dat

aTi

erM

iddl

e Ti

er

DWH DataMart

DataBase

DataServices

Enterprise Information Integration

Business Services BRMS

ESB – Enterprise Services

Orchestration – Process Services

App / Web Server

Portal HTML

Browser Rich Client

Secu

rity

Registry/Repository

Mon

itorin

g (E

nd-to

-End

)

IdentityMgmt

Access XML Appliance Reverse Proxy

Domain Services

Applications

SharedServices

…

Acce

ss/C

lient

Tier

… …

1 2

[21.10.2008]



ESB Product Types


Do you really need an SOA Intermediary?

SOAP as enterprise messaging backboneDumb Network, Intelligent EndpointsSOAP as unified messaging formatWS* subsumes ESB functionalities:

Reliable Delivery (WS-RM, WS-RX)Transactions (WS-T, WS-BA)Security (WSS)

Central Registry

But:Configuration?Departmentalized Security?Service Sprawl? Monitoring?

P2P SOAP,No ESB

XML AppliancesStand-alone ESB

WS-pureplayESB

APS withbundled ESB

IntegrationSuites

Source: Jim Webber, Thoughtworks

[21.10.2008]



XML Level ThreatsWS “tunnel” through the firewall, allow direct A2A interactionThis opens up Pandorra’s box

Service

Service

Service

Service

Cor

pora

te F

irew

all

Payload SizeRecursive Payload

XML Schema PoisoningWSDL Scanning

SQL/XQuery InjectionDOS Attacks

Replay AttacksRouting Attacks

Malicious Binary ContentXM

L/H

TTP

Data Leaks Service Client

Internal

Service Client

Service Client

Service Client

Service Client

Service

External


XML Appliances – TCP/IP Layers

P2P SOAP,No ESB

Applicances/XML firewalls

Stand-alone ESB

WS-pureplayESB

APS withbundled ESB

IntegrationSuites

Application

Transport

Network

Link

HTTP, HTTPSFTP

TelnetSMTPLDAPNTP

IP, ICMP, IGMP, IPX

TCP, UDP

Network Interface:Ethernet, Token Ring, FDDIPhysical

Data Link

Network

Session

Presentation

Application

Transport

7

6

5

4

3

2

1

ISO/OSI layers TCP/IP model Sample protocols

Content Service SwitchLayer 4-7 Switches

Switches, Bridges

Router, Layer-3 Switch

Hubs, Repeaters

Devices

SOAP, XML XML Appliances

[21.10.2008]



IBM (ex DataPower) Layer7Cisco (ex Reactivity)Forum SystemsIntel (ex Sarvega)Vordel, Bridgewerx

Finance Sales

ESB1 ESB2

DMZ

XML Appliances

XML Processing at Network BoundariesXML-Threat Prevention, SecurityLoad Balancing, RoutingPolicy Management & EnforcemXML ASICs

But:Asynchronous Delivery?

P2P SOAP,No ESB


Stand-alone ESB

WS-pureplayESB

APS withbundled ESB

IntegrationSuites


Stand-alone ESBFiorano ESB Sonic ESB

ESB Products

WS-pureplay ESBBlue Titan Network DirectorCape Clear 6 Server Iona ArtixPolarLake Messaging Integrator

Message Queueing (JMS, MOM)Persistence, Reliable Deliverylightweight service containersmulti-step processes(some with BPEL)

Open Source ESBMulesourceWS02 (ex Synapse)Redhat JBossServiceMixIona Celtix


Stand-alone ESB

WS-pureplayESB

APS withbundled ESB

IntegrationSuites

P2P SOAP,No ESB

No native Messaging (JMS)

[21.10.2008]



Integration Suites

Sterling Commerce Gentran Integration SuiteSun SeeBeyond ICAN Suite 5Tibco BusinessWorksVitria BusinessWarewebMethods FabricFujitsu InterstageIBM WebSphere Process ServerMagic Software iBOLT Business Integration Suite

Adapters for legacy applicationsdata transformation tools (EDI, etc)Data reconciliation, multi-step process and composite transactions


Stand-alone ESB

WS-pureplayESB

APS withbundled ESB

IntegrationSuites

P2P SOAP,No ESB


BEA AquaLogicIBM WebSphereMicrosoft WCF/Biztalk (+ESB Patterns)Oracle SOA Suite/Fusion MiddlewareSAP Netweaver

Application Platform Suites

“All-in-one”application server (service hosting)Portal, Embedded ESBIntegration Suite equivalent


Stand-alone ESB

WS-pureplayESB

APS withbundled ESB

IntegrationSuites

STRATEGY 2: Adapt Integration Infrastructure to Domain Complexity

Increasing Complexity of Problem Domain

P2P SOAP,No ESB

[21.10.2008]



Deployment Scenarios


Deployment ScenariosEndpoint-centric ESB

Capability of the hosting platformMicrosoft WCF: „channeling pattern“

Internet-ESB (ESB as-a-service)Amazon Simple Queueing Services (SQS)

More relaxed QOS-guarantees than JMS Microsoft Internet Service Bus (ISB) – Biztalk Services

Relay services via the Internet and across firewallsSimple workflow & registry support

Application-level ESBApplication-internal SOA to better handle complex appsExpose a subset of functionality to the outsideConsume functionality from the outside

[21.10.2008]



Deployment Example – Web Portal Data Scrubbing

Parser Attack

XDOS Attack

Legitimate Traffic

SecureSpan XML Data Screen Cluster

Web Services

Portal / Web Service

Source: Layer7


Deployment Example – B2B Services

SecureSpan XML Firewall Cluster

Service Endpoints

(Secure Zone)

Corporate Identity Server

SecureSpan Manager

Business Partners

SecureSpan XML VPN Client

Internal Firewall

External Firewall

DMZ

Source: Layer7

[21.10.2008]



Deployment Example – SOA Governance

SecureSpan XML Networking Gateway Cluster

Service Consumer with SecureSpan XML VPN Client

Service Consumer with Hard-Coded

Policy

SecureSpan Manager

Web Service

WS-Policy

WS-Policy

WS-Policy

WS-Policy

WS-Policy

WS-Policy

Source: Layer7


ConclusionESB lives on a scale of SOA intermediariesMarket undergoes consolidation, convergence, competition

product types more and more have the same features (XML appliances, ESB, etc.)

SOA without intermediary neglects security and governance aspects

[21.10.2008]



Thank you![ipt]

innovation process technology___________________________

Dr. Thomas Rischbeck | it architect

Office ZugBaarerstrasse 14 | CH-6300 Zug

Phone: +41 41 727 25 25 | Fax: +41 41 727 25 26Email: [email protected]

Thomas Rischbeck Intermediary Continuum

Technology

Transcript of Thomas Rischbeck Intermediary Continuum