Product Architecture

Scalable, Enterprise-class SOA Governance, Security, Mediation, and Management Infrastructure

SOA Software, Inc. 12100 Wilshire Blvd, Suite 1800 Los Angeles, CA 90025 866-SOA-9876 www.soa.com info@soa.com
Copyright © 2007 by SOA Software, Inc.

Disclaimer: The information provided in this document is provided "AS IS" WITHOUT ANY WARRANTIES OF ANY KIND INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT OF INTELLECTUAL PROPERTY. SOA Software may make changes to this document at any time without notice. All comparisons, functionalities and measures as related to similar products and services offered by other vendors are based on SOA Software's internal assessment and/or publicly available information of SOA Software and other vendor product features, unless otherwise specifically stated. Reliance by you on these assessments / comparative assessments are to be made solely on your own discretion and at your own risk. The content of this document may be out of date, and SOA Software makes no commitment to update this content. This document may refer to products, programs or services that are not available in your country. Consult your local SOA Software business contact for information regarding the products, programs and services that may be available to you. Applicable law may not allow the exclusion of implied warranties, so the above exclusion may not apply to you.

........................................4 3...7 Policy Manager .................3 Network Director .2 3..9 Web UI Console .............................................................................1 3.... Inc...........................5 3......6 3......................................................................................................................1 4................................8 Management Application .............4 Workbench............com Copyright © by SOA Software.........3 3............2 4..................................................................6 Registry/Repository...................................................... 1 ........................................6 4 Central Database ............soa...................... 12 Agent.......................... 14 www............................. 2005................................................ 12 4................ 11 Service Manager ................................................. 13 5 About SOA Software ....................2 Architecture Overview..................................... All rights reserved.............................................. 13 Delegate ................................................................................................................................................................................................................8 Security Application ..........................................Table of Contents 1 2 3 Introduction .............

SOA Software has published the SOA Infrastructure Reference Model into the public domain. Inc. components and standards that make up a successful SOA Infrastructure Reference Model. It provides a product and vendor agnostic view of the architectural concepts. 2005. SOA Infrastructure has two main goals.com Copyright © by SOA Software. and ensure the security and reliability of the services and applications it deploys using the principals and concepts of service-oriented architecture. As the market-leading provider of SOA Infrastructure software products.soa. SOA Software’s Workbench and Service Manager implement a comprehensive SOA Infrastructure solution that follows the reference model defined below. to facilitate and promote reuse for enterprise agility and cost efficiency. 2 . All rights reserved. www.1 Introduction SOA Infrastructure is the set of tools and technologies that an organization deploys to secure and manage services and service-oriented business applications. and to provide visibility into.

components and standards that are required to build effective SOA Infrastructure. It provides a conceptual breakdown of the realization of an enterprise SOA environment into two fundamental layers. although their focus and role is considerably different. monitoring. and messaging platforms – such as Application Servers. It ensures that appropriate policies are enforced by services as they receive messages. www. Inc. and delegates to ensure that the application and messaging layer can access and use the services it delivers.The Reference Model focuses on the architectural concepts. 3 . business applications and services expose interfaces that other business applications and services consume focusing only on the business logic. and Business Process Management engines – reside. applications. In reality these two layers are deeply integrated. and business interface specifications. and that applications send message that comply with the policies that will be enforced by the receiving service. 2005. All rights reserved. mediation. Enterprise Service Bus(es).com Copyright © by SOA Software. proxies. In this layer. This separation between these layers is critical to ensure the true loose-coupling of services and applications that is required to achieve the efficiency and agility benefits of SOA. The infrastructure layer provides agents. The application and messaging services layer is where process services. and an infrastructure services layer. governance services to the application and messaging layer. policy management and. This document describes how SOA Software’s Workbench and Service Manager implement a comprehensive closed-loop SOA infrastructure according to the published reference model described above. an application and messaging services layer.soa. The infrastructure layer provides security.

Management.2 Common Architecture Considerations Common architecture considerations are identified as those capabilities required in a comprehensive SOA governance system that are not specific to any one element. 5. predictable and uniform semantics. The Governance System MUST support the UDDIv3. 2005. 6.4. control and admin functions. 1.soa. This helps ensure the interoperability and loosecoupling of the Governance System with other SOA Infrastructure elements. 2. enforcement. validation and conformance. reliability. Security.2. tagging and classifying services and their related artifacts.1. The Governance systems control. management and administration Web Service (WSDL) interfaces SHOULD be designed to provide support for common grammars (verbs and nouns) with consistent. These considerations are intentionally expressed in RFC2119 form to show how they shape the core product architecture. Repository. 3. management. management and administration Web Service (WSDL) interfaces SHOULD consistently leverage and uniformly apply the governance system's lifecycle management. 2. All rights reserved. 4 . mediation. The Governance System SHOULD support the use of WSMetadataExchange for the interchange of metadata artifacts.com Copyright © by SOA Software. policy and audit compliance capabilities. The policy-based run-time management system's control. management and administration Web Service (WSDL) interfaces SHOULD consistently leverage and uniformly apply the policy-based run-time management system's security. Inc. 2. 2. intuitive. The Governance System MUST support the WS-Policy framework and any defined assertions where appropriate. SLA and compliance capabilities. The Governance System MUST include Registry. 4. The Governance System MUST offer WSDL-based interfaces for management. and Intermediary elements. The Governance System elements MUST be deeply integrated to drive a closed-loop as described in the introduction using published standards to ensure loose-coupling where possible.02 specification as a model for categorizing. Management and Security systems' control.3. The Governance. www. 2. The Governance System MUST support the use of a REST-based model for the distribution of metadata artifacts.

WS-MEX. scalable infrastructure applications. All of the central Workbench applications are implemented as standalone. a well understood discipline in most large enterprises. 5 . etc). stateless Java applications that leverage a central database for state management and as a core data repository. All rights reserved.com Copyright © by SOA Software. WS-Policy. WSTrust. WS-Management. This delegates reliability and performance management to the underlying database tier. The interfaces between the distributed and centralized components use industry standards where available (UDDI. metric collection and audit.3 Architecture Overview SOA Software’s governance infrastructure solution consists of 2 products: Workbench provides a centralized set of high-performance. Service Manager provides a set of distributed intermediaries for policy enforcement.soa. 2005. www. The combination of the Workbench and Service Manager delivers a closed-loop SOA governance solution that defines and governs policies that are implemented and enforced at runtime and these enforcement and implementation actions are audited by the governance platform. Inc. reliable. implementation.

2005. and active/passive modes. The deployment model for the products typically reflects the database deployment chosen. implemented and tested to work with common database infrastructure solutions including Oracle. SOA Software’s products are designed. scalable. www. It delivers a set of high-performance. Most large enterprises.1 Central Database Service Manager and Workbench delegate scalability and state management to an underlying database layer. Each of these applications can be deployed in a cluster using standard network load-balancing technologies for exceptional scaling and performance. especially those that have a significant investment in information technology. SQL Server. Inc. They are highly optimized and provide excellent standalone performance characteristics. stateless applications that expose standard protocols where available. and DB2. managed database infrastructure. high-performance.4 Workbench Workbench provides the central subsystems that make up the infrastructure layer. The applications communicate with one another and with the underlying database to provide a comprehensive SOA infrastructure solution. 6 . reliable. All rights reserved. have a well established. The products support active/active. 4.com Copyright © by SOA Software.soa.

The flexibility of this registry/repository model is shown in the multiple ways different applications and platforms can and will consume the stored and managed data. All rights reserved. The registry/repository application provides multiple different interfaces into the same core set of data.com Copyright © by SOA Software. Inc. The Workbench console application described below offers a powerful user interface combining advanced UI technologies and design techniques to deliver an exceptionally powerful and easy to use SOA Governance portal. and implement policies for governed services. and other metadata. Policy.4. Publish. 2005. The core interfaces are the UDDIv3 Inquiry. WS-MetadataExchange. enforce. and to discover.soa. and REST. WS-MEX provides a standardized mechanism for retrieving WSDL. Each of the interfaces will show a different subset of the data in different ways. The other Workbench and Service Manager applications and components rely on it to find and communicate with their peers. 7 . and the REST API provides an overarching mechanism for managing the complete data set. and Subscription APIs.2 Registry/Repository The registry/repository application provides the cornerstone of Workbench. The UDDI APIs present and manage a structured view of the data defining and categorizing services. www.

service categorization checking. and other key contractual terms. The distributed intermediaries collect alert. Inc. performance charting and trend analysis.4 Management Application The Workbench management application monitors the performance. and publish contracts. It creates and managed WS-Policy documents that describe the expected and required behavior of the services and service operations with which the policies are associated. and distribution capabilities. capacity requirements. 2005. or by adding custom modules created using a published and documented API. These policies include things like WS-I Basic Profile validation.3 Policy Manager The Workbench policy manager application extends the metadata repository described above with advanced policy authoring. usage and message data according to the defined www. and consolidates this information to provide valuable services such as SLA reporting. and usage of services and applications. The set of policies delivered with the product can be readily extended using the XQuery language. the policy manager is used to define.soa. 8 .com Copyright © by SOA Software. Contracts are enforced dynamically by the Service Manager intermediaries. They are XML documents that define the access rights. Contracts define the relationship between a service or group of services and a consumer or group of consumers. WSDL conformance. throughput. governance. performance. and alert and exception management. govern. In addition to its role managing policies. 4. performance requirements. schema conformance and others. runtime policy presence validation. negotiate.4. All rights reserved. It also creates and manages lifecycle compliance policies that validate the static and dynamic metadata for a service.

Microsoft. The Workbench management application is based on the WS-Distributed Management specification. 4.soa. and IBM sponsored harmonization initiative. determine if any actions need to be take. they then use SOAP and REST interfaces to push this data to the management application. and a PKI certificate authority. and will adopt whichever specifications emerge from the HP. 2005. and CA Unicenter. 9 . All rights reserved. It also supports SNMP and EIF for integrating with 3rd party management systems like HP OpenView. The management application processes this captured data to calculate SLA performance. documented Web services APIs for easy integration with enterprise management portals.5 Security Application In this reference model. Inc.com Copyright © by SOA Software. www. distribute alerts. and present real-time and historic charts. It is a token server. It exposes a set of published. the security service serves three purposes.policies for each operation they manage. IBM Tivoli Enterprise Console. an authorization server.

CA SiteMinder. although XACML remains the most commonly discussed and implemented authorization standard. Kerberos. The Workbench security application also provides a built-in PKI solution with the ability to generate and manage public/private key pairs and certificates. and can delegate authorization decisions to external systems like CA SiteMinder. 10 . 2005. The Workbench security application supports a wide range of token types and protocols including WS-Trust for requesting tokens. WS-Security. and SAML. http basic. request content. X.com Copyright © by SOA Software. It can consume a credential. it should then contact the security token service and exchange the cookie for a SAML assertion. import www. https certificates. When the portal needs to request access to a Web service. most likely a SAML assertion in a Web services environment. and IBM TAM. A common use case for both authentication and token exchange in Web services is for the security token server to work in conjunction with a portal to request a username and password from a Web browser user. The Workbench security application provides an XACML compliant authorization server with a service for making decisions about whether a particular request is authorized or not based on a number or factors including user.509. and provide the browser with an http session cookie.soa. Inc. It can delegate authentication decisions to external systems like Microsoft Active Directory. or other sender identifying characteristics. and environmental factors such as destination real-time performance. All rights reserved. and return a token of some description. role. Most authorization servers still implement proprietary APIs. it provides both authentication and token exchange services. and IBM TAM. and others as token formats. request destination.As a security token server. It can use external group information from systems like Microsoft Active Directory and LDAP servers.

The console provides a powerful workflow solution with customizable workflows for service lifecycle management and contract management and negotiation. and Flash. It is a stateless Java Web application that deploys by default into its own self contained container. All rights reserved.6 Web UI Console Workbench provides a powerful web-based UI. 4. security. and monitoring. It supports certificate revocation list checking and uses an XKMS-based model for certificate and key distribution. AJAX. governance. It is a JSR-168 compliance portlet-based application implemented in html. 2005. management. policy management. and distribute these keys and certificates to the processes and applications that need them in real-time. or BEA WebLogic. It can also be deployed into Tomcat.soa. 11 . Inc. The workflows allow for multi-level approvals and offer extensive features around notification and policy compliance checking.externally generated keys and certificates. IBM WAS.com Copyright © by SOA Software. www. The Workbench console delivers a comprehensive integrated user interface for SOA registry/repository.

All the intermediaries provide exceptional performance and scalability with centralized deployment and policy management to ensure true enterprise readiness. They cover the widest possible surface area of applications and offer the broadest and deepest functionality of any SOA intermediaries on the market. 5.1 Network Director The Network Director is a stand-alone smart service router that deploys into the network supporting a wide range of intermediary patterns for routing. Inc. agents for most common service platforms and containers.5 Service Manager Service Manager provides the distributed intermediaries that implement and enforce policy for. routing. Service Manager includes 3 distinct intermediary types. 12 . a router-based (stand-alone) intermediary. offering exceptional performance and scalability combined with unique capabilities for mediation.soa. www. and policy enforcement. 2005. It is fully stateless. All rights reserved. Workbench. and a client-side delegate.com Copyright © by SOA Software. high-availability/load-balancing and others. service virtualization. and provide metrics and audit data back to.

non-invasive deployment options for most common service platforms and containers.soa. . All rights reserved.NET. SOA Software offers agents for most common Java application servers. www.5.3 Delegate The Delegate is a client-side intermediary that deploys seamlessly into consumer applications to abstract the application from the location.NET.2 Agent The Agents deploy into the container to ensure last-mile security and policy enforcement for services. and noninvasive offering complete last-mile policy enforcement including on-board cryptographic operations without having to change any deployed applications or services. Inc. including ESBs and business process management tools. transport. several ESB products and several business process management tools. 13 .com Copyright © by SOA Software. 5. 2005. platform-native. and policies required by the services it will consume. SOA Software offers delegates for Java applications and . The agents are fully functional. and packages the delegate in a wide range of forms with simple.

Inc. All other product and company names herein may be trademarks and/or registered trademarks of their registered owners. 14 . www. a high-performance. Verizon.soa. enterprise-class SOA Governance.6 About SOA Software SOA Software is a leading provider of comprehensive.com Copyright © by SOA Software. SOA Software products provide a comprehensive closed-loop SOA governance solution (Workbench). Inc.soa. and a mainframe Web services solution for CICS applications (SOLA). mediation. please visit http://www. SOA Software. including Merrill Lynch. and Pfizer. Workbench. SOA Software products process over 500 million mission critical transactions a month and are used by the largest Fortune 1000 corporations.com. 2005. security. scalable SOA management and security solution (Service Manager). For more information. SOLA. Service Manager. All rights reserved. and management. and Network Director are trademarks of SOA Software.

Sign up to vote on this title
UsefulNot useful