SOA tools--virtually bridging the legacy divide, Part 3

The second section of this three-part series, published in the March 2006 issue of KMWorld, detailed nine categories of functionality in which service-oriented architecture (SOA) tools specialize. Those categories include identity and access management, governance, service-oriented management, metadata management, content-aware networking, service consumers, service-oriented process, semantic integration and service-oriented integration. This concluding part highlights a specific SOA tool in each category, to give readers an idea of what vendors are providing in their respective spaces.

Identity and access management

Layer 7 Technologies SecureSpan product suite provides firewalls that screen XML data passed between composite services or across a process; ensures a consistent user context and identity across security and identity domains; and guarantees the security policies that govern services are consistently applied, even as services interact in enterprise SOA environments.

The SecureSpan Gateway provides hardware-based secure firewalls that screen data passed between XML-based services and other services or XML-wrapped legacy applications in external security and identity domains. It also features a Web service gateway that controls, for instance, user access and authentication across domains, and lets administrators perform activities like auditing transactions and routing services across domains.

The SecureSpan Bridge lets administrators, without manual coding, enable activities like single sign-on, identity federation and non-repudiation when Web services interact with client and portal applications across domains.

Security policies are a subset of governance policies that ID management products also control. SecureSpan Manager is a graphical interface that lets administrators, using workflow-like graphical scripting, centrally define, provision, verify and audit security and connectivity policies across domains and then manage them to ensure compliance.

Governance

Daryl Plummer, group VP of software infrastructure at Gartner, says, "Governance is what operates on policy, and policy enables the guidelines of governance to be ensured, but the tools for both are the same." In addition to policy management, governance tools, he continues, could even provide sets of best practices and blueprints for how to set up policies, though few do.

Systinet's Policy Manager stresses policy management--it lets users create, manage and comply with SOA policies. To expedite creation, the product comes with a library of predefined policies and performs management and compliance activities like verifying the validity of WSDL and XML Schema so users can access service registries and obtain services as advertised. Because developers can also create custom policies with familiar programming languages such as Java, training them in new languages or hiring specialized personnel isn't necessary.

The product also lets users manage services throughout their life cycle via a policy verification and approval process and a method for associating policies with services and data in registries based on common standards. As a result, users can share, update and reuse policies as they see fit. That, of course, extends to both designtime and runtime policy governance. Policy Manager also works with Systinet's Governance Interoperability Framework (GIF), a program for promoting interoperability between products from key SOA players in the GIF alliance. Once products are interoperable, Systinet can extend policy management across implementations comprised of different vendors' SOA products and into areas like security, messaging and routing that it does not yet address.

According to Jason Bloomberg, senior analyst with Zapthink, Systinet already has a repository that stores and provides access to SOA metadata like contract and policy metadata. He says Policy Manager now gives the company soup-to-nuts governance capabilities.

Service-oriented management

Management can focus on multiple layers of the SOA infrastructure--for example, services at runtime vs. servers and network operation. AmberPoint focuses on the former--it manages services at runtime in production environments. Among its many capabilities, AmberPoint provides links to all services cataloged in registries throughout the enterprise and automatically locates appropriate services when they are needed so they can be accessed from repositories. It also ensures that the correct policies are applied to each service, so that it behaves the way it's advertised in registries and adheres to security and other behavioral rules when deployed in the production environment. The product tells users which policies apply to which services, posts new and changed policies to registries, and retrieves policies cataloged in registries and enforces them at runtime.

Further, it lets administrators monitor services as they interact as composite services from a map-like console on which users can view a graphic representation of linked services during runtime operation. The console shows the availability and interdependencies of deployed services within the overall SOA service network and the name, location and interdependencies of failed services. That way administrators can readily address those problems if the service doesn't fail over to another service.

Metadata management

Infravio's X-Registry Platform 5 provides an SOA registry/repository platform for managing individual services as they are created, activated at runtime and versioned. The repository interacts with the registry according to commonly used Universal Description, Discovery and Integration (UDDI) specs, and users access and configure both via Web browsers. For instance, in the repository they can store services, configure service contracts, create new versions of services and indicate what users are authorized to use the services. Registries are directories of all an enterprise's services and their different versions. Via the registry, users can catalog, publish, search, demo and download services for easy service deployment and reuse.

The tool comes in three editions. Catalog contains the registry only; IT Governance contains registry and repository with advanced management features; and Partner lets users readily integrate the registry, repository and management capabilities with external portal and intranet environments. Customers can upgrade from Catalog through Partner as their needs dictate.

Content-aware networking

Conformative Systems (recently acquired by Intel) offers an affordable method of processing XML to improve SOA infrastructure performance without duplicating existing hardware or software. As SOAs and Web services proliferate, XML, the prevalent data interchange standard for SOAs, will become an increasingly large percentage of traffic over networks. That is a problem because XML-based data is denser and more format-intensive than other data types. Not only will the overall volume of traffic over SOA-enabled enterprises increase, it will do so at a faster pace than ever before. Companies that adopt SOA, therefore, can either increase the quantity or quality of their data processing equipment--server software and hardware, like database and application servers, and networking infrastructure software and hardware, like routers, switches and firewalls--and run up software, hardware and long-term management costs, or add content-aware, XML-processing software for a fraction of that total cost of ownership. Otherwise quality of service will suffer and companies will risk alienating customers.