Thomas Rischbeck Intermediary Continuum
-
Upload
soa-symposium -
Category
Technology
-
view
1.062 -
download
0
description
Transcript of Thomas Rischbeck Intermediary Continuum
Founding Sponsors
This Presentation Courtesy of the
International SOA Symposium
October 7-8, 2008 Amsterdam Arena
www.soasymposium.com
Gold Sponsors
Platinum Sponsors
Silver Sponsors
[21.10.2008]
[©2002 ipt | switzerland germany austria] [seite 1]
[innovation process technology inc.][www.ipt.ch]
SOA Intermediary Continuum
Dr. Thomas Rischbeck2008-10-08, 10:00
SOA Symposium Amsterdam
[page 2][©2008 ipt | switzerland]
Confusion in the MarketplaceYou might know this book cover …
[21.10.2008]
[©2002 ipt | switzerland germany austria] [seite 2]
[page 3][©2008 ipt | switzerland]
MOM
IntegrationSuites
MOM: publish-subscribe, loose coupling via queues, JMS API
EAI: Adapters, promise of universal connectivity, QoS, transaction management
WS: WS-platform/management vendors; platform-independent standards for SOA: XML, WSDL, SOAP, UDDI, HTTP
APS: embedded ESB Open SourceXML appliances
MOM-basedESB
EAI
APS
APS+ ESB
XML Appliances
OpenSource
WS-PWS-M Pure-WS
ESB
Source: IEEE Computer Archeology
The Fossil Record:ESB Development Paths
RISK: Consolidation pressure putslong-term viability of vendors at risk
[page 4][©2008 ipt | switzerland]
What is an ESB?
ESB is just a Pattern -IBM
low-cost lightweight alternative to traditional integration middleware -Gartner
A standards-based integration backbone, combining messaging, Web services, transformation, and intelligent routing (2004) -Sonic Software
IDC: The ESB is an open standards-based technology concept that will revolutionize IT and enable flexible and scalable distributed computing for generations to come.
Zapthink: „message-bus with service-oriented interfaces“
Cali-Mero Fio-Rano MOM++
EAI++
An enterprise platform that implements standardized interfaces for communication, connectivity, transformation, and security.”-Fiorano Software
[21.10.2008]
[©2002 ipt | switzerland germany austria] [seite 3]
[page 5][©2008 ipt | switzerland]
Gartner Hype Cycle
[page 6][©2008 ipt | switzerland]
What is an ESB?
Competition
ConvergenceConsolidationCommodity
[21.10.2008]
[©2002 ipt | switzerland germany austria] [seite 4]
[page 7][©2008 ipt | switzerland]
Can ESB be standardized? The JBI Attempt …
Targeted at integrationcomponent vendorsJava-only
“Middleware for Middleware”
SunIonaTibcoOpen Source (Redhat, WS02,ServiceMix, Mule)
[page 8][©2008 ipt | switzerland]
Vendor-specific
Services RoutingAquaLogic Service Bus
Data ServicesAquaLogic Data Services Platform
Portal TierWLP
Process Tier WLISecurity Services AquaLogic Enterprise Security
Service RegistryAquaLogic Service Registry
End-to-end Web Services Management
Order ManagementProcess
Service Integration/Routing
Billing InventoryManagement
Mainframe .Net ERPData
WarehouseOracle
Portlet Web App
ServiceRegistry
ServiceRegistry
ServiceRegistry
ServiceRegistry
[21.10.2008]
[©2002 ipt | switzerland germany austria] [seite 5]
[page 9][©2008 ipt | switzerland]
Integration
Domain
Reference Architecture
Data Exploitation
Operational Data Storage
Data Access
Business Logic
Process
Presentation
Client
Dat
aTi
erM
iddl
e Ti
er
DWH DataMart
DataBase
DataServices
Enterprise Information Integration
Business Services BRMS
ESB – Enterprise Services
Orchestration – Process Services
App / Web Server
Portal HTML
Browser Rich Client
Secu
rity
Registry/Repository
Mon
itorin
g (E
nd-to
-End
)
IdentityMgmt
Access XML Appliance Reverse Proxy
Domain Services
Applications
SharedServices
…
Acce
ss/C
lient
Tier
… …
[page 10][©2008 ipt | switzerland]
Integration
Domain
Reference Architecture
Data Exploitation
Operational Data Storage
Data Access
Business Logic
Process
Presentation
Client
Dat
aTi
erM
iddl
e Ti
er
DWH DataMart
DataBase
DataServices
Enterprise Information Integration
Business Services BRMS
ESB – Enterprise Services
Orchestration – Process Services
App / Web Server
Portal HTML
Browser Rich Client
Secu
rity
Registry/Repository
Mon
itorin
g (E
nd-to
-End
)
IdentityMgmt
Access XML Appliance Reverse Proxy
Domain Services
Applications
SharedServices
…
Acce
ss/C
lient
Tier
… …
1 2
[21.10.2008]
[©2002 ipt | switzerland germany austria] [seite 6]
[innovation process technology inc.][www.ipt.ch]
ESB Product Types
[page 12][©2008 ipt | switzerland]
Do you really need an SOA Intermediary?
SOAP as enterprise messaging backboneDumb Network, Intelligent EndpointsSOAP as unified messaging formatWS* subsumes ESB functionalities:
Reliable Delivery (WS-RM, WS-RX)Transactions (WS-T, WS-BA)Security (WSS)
Central Registry
But:Configuration?Departmentalized Security?Service Sprawl? Monitoring?
P2P SOAP,No ESB
XML AppliancesStand-alone ESB
WS-pureplayESB
APS withbundled ESB
IntegrationSuites
Source: Jim Webber, Thoughtworks
[21.10.2008]
[©2002 ipt | switzerland germany austria] [seite 7]
[page 13][©2008 ipt | switzerland]
XML Level ThreatsWS “tunnel” through the firewall, allow direct A2A interactionThis opens up Pandorra’s box
Service
Service
Service
Service
Cor
pora
te F
irew
all
Payload SizeRecursive Payload
XML Schema PoisoningWSDL Scanning
SQL/XQuery InjectionDOS Attacks
Replay AttacksRouting Attacks
Malicious Binary ContentXM
L/H
TTP
Data Leaks Service Client
Internal
Service Client
Service Client
Service Client
Service Client
Service
External
[page 14][©2008 ipt | switzerland]
XML Appliances – TCP/IP Layers
P2P SOAP,No ESB
Applicances/XML firewalls
Stand-alone ESB
WS-pureplayESB
APS withbundled ESB
IntegrationSuites
Application
Transport
Network
Link
HTTP, HTTPSFTP
TelnetSMTPLDAPNTP
IP, ICMP, IGMP, IPX
TCP, UDP
Network Interface:Ethernet, Token Ring, FDDIPhysical
Data Link
Network
Session
Presentation
Application
Transport
7
6
5
4
3
2
1
ISO/OSI layers TCP/IP model Sample protocols
Content Service SwitchLayer 4-7 Switches
Switches, Bridges
Router, Layer-3 Switch
Hubs, Repeaters
Devices
SOAP, XML XML Appliances
[21.10.2008]
[©2002 ipt | switzerland germany austria] [seite 8]
[page 15][©2008 ipt | switzerland]
IBM (ex DataPower) Layer7Cisco (ex Reactivity)Forum SystemsIntel (ex Sarvega)Vordel, Bridgewerx
Finance Sales
ESB1 ESB2
DMZ
XML Appliances
XML Processing at Network BoundariesXML-Threat Prevention, SecurityLoad Balancing, RoutingPolicy Management & EnforcemXML ASICs
But:Asynchronous Delivery?
P2P SOAP,No ESB
Applicances/XML firewalls
Stand-alone ESB
WS-pureplayESB
APS withbundled ESB
IntegrationSuites
[page 16][©2008 ipt | switzerland]
Stand-alone ESBFiorano ESB Sonic ESB
ESB Products
WS-pureplay ESBBlue Titan Network DirectorCape Clear 6 Server Iona ArtixPolarLake Messaging Integrator
Message Queueing (JMS, MOM)Persistence, Reliable Deliverylightweight service containersmulti-step processes(some with BPEL)
Open Source ESBMulesourceWS02 (ex Synapse)Redhat JBossServiceMixIona Celtix
Applicances/XML firewalls
Stand-alone ESB
WS-pureplayESB
APS withbundled ESB
IntegrationSuites
P2P SOAP,No ESB
No native Messaging (JMS)
[21.10.2008]
[©2002 ipt | switzerland germany austria] [seite 9]
[page 17][©2008 ipt | switzerland]
Integration Suites
Sterling Commerce Gentran Integration SuiteSun SeeBeyond ICAN Suite 5Tibco BusinessWorksVitria BusinessWarewebMethods FabricFujitsu InterstageIBM WebSphere Process ServerMagic Software iBOLT Business Integration Suite
Adapters for legacy applicationsdata transformation tools (EDI, etc)Data reconciliation, multi-step process and composite transactions
Applicances/XML firewalls
Stand-alone ESB
WS-pureplayESB
APS withbundled ESB
IntegrationSuites
P2P SOAP,No ESB
[page 18][©2008 ipt | switzerland]
BEA AquaLogicIBM WebSphereMicrosoft WCF/Biztalk (+ESB Patterns)Oracle SOA Suite/Fusion MiddlewareSAP Netweaver
Application Platform Suites
“All-in-one”application server (service hosting)Portal, Embedded ESBIntegration Suite equivalent
Applicances/XML firewalls
Stand-alone ESB
WS-pureplayESB
APS withbundled ESB
IntegrationSuites
STRATEGY 2: Adapt Integration Infrastructure to Domain Complexity
Increasing Complexity of Problem Domain
P2P SOAP,No ESB
[21.10.2008]
[©2002 ipt | switzerland germany austria] [seite 10]
[innovation process technology inc.][www.ipt.ch]
Deployment Scenarios
[page 20][©2008 ipt | switzerland]
Deployment ScenariosEndpoint-centric ESB
Capability of the hosting platformMicrosoft WCF: „channeling pattern“
Internet-ESB (ESB as-a-service)Amazon Simple Queueing Services (SQS)
More relaxed QOS-guarantees than JMS Microsoft Internet Service Bus (ISB) – Biztalk Services
Relay services via the Internet and across firewallsSimple workflow & registry support
Application-level ESBApplication-internal SOA to better handle complex appsExpose a subset of functionality to the outsideConsume functionality from the outside
[21.10.2008]
[©2002 ipt | switzerland germany austria] [seite 11]
[page 21][©2008 ipt | switzerland]
Deployment Example – Web Portal Data Scrubbing
Parser Attack
XDOS Attack
Legitimate Traffic
SecureSpan XML Data Screen Cluster
Web Services
Portal / Web Service
Source: Layer7
[page 22][©2008 ipt | switzerland]
Deployment Example – B2B Services
SecureSpan XML Firewall Cluster
Service Endpoints
(Secure Zone)
Corporate Identity Server
SecureSpan Manager
Business Partners
SecureSpan XML VPN Client
Internal Firewall
External Firewall
DMZ
Source: Layer7
[21.10.2008]
[©2002 ipt | switzerland germany austria] [seite 12]
[page 23][©2008 ipt | switzerland]
Deployment Example – SOA Governance
SecureSpan XML Networking Gateway Cluster
Service Consumer with SecureSpan XML VPN Client
Service Consumer with Hard-Coded
Policy
SecureSpan Manager
Web Service
WS-Policy
WS-Policy
WS-Policy
WS-Policy
WS-Policy
WS-Policy
Source: Layer7
[page 24][©2008 ipt | switzerland]
ConclusionESB lives on a scale of SOA intermediariesMarket undergoes consolidation, convergence, competition
product types more and more have the same features (XML appliances, ESB, etc.)
SOA without intermediary neglects security and governance aspects
[21.10.2008]
[©2002 ipt | switzerland germany austria] [seite 13]
[innovation process technology inc.][www.ipt.ch]
Thank you![ipt]
innovation process technology___________________________
Dr. Thomas Rischbeck | it architect
Office ZugBaarerstrasse 14 | CH-6300 Zug
Phone: +41 41 727 25 25 | Fax: +41 41 727 25 26Email: [email protected]