We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byKimberly Murray
Modified over 5 years ago
Bringing Visibility and Control to Net Centric Systems Approaches for Runtime Governance of Net Centric Systems © 2007 AmberPoint, Inc. John Emerson Vice President, US Federal AmberPoint, Inc.
© 2007 AmberPoint, Inc. 2 Topics Net Centric Environments ESM across the Lifecycle Visibility Synchronizing with Other Governance Systems Policy Management Service Level Monitoring and Management Exception Management Security Validation Case Studies Q&A
© 2007 AmberPoint, Inc. 3 Wide Variety of Net Centric Infrastructure EJB Applications Mission Specific Services MQ-based Warehouse DBMS Enterprise Service Bus Materiel Order Service Agency Portal External Agency Service 1 External Agency Service 2
© 2007 AmberPoint, Inc. 4 Agency Portal EJB Applications MQ-based Warehouse DBMS External Agency Service 1 External Agency Service 2 Enterprise Service Bus Wide Variety of Vendors Mission Specific Services Materiel Order Service
© 2007 AmberPoint, Inc. 5 New Types of Problems Full Picture? Map and Monitor? Everything Seems to be Up & Running (Green Lights), but the users are calling the Help Desk claiming that they arent getting service Non-Responses and Corrupted Responses Debugging Distributed Systems How do you lock down Security at the Endpoint? How do you Validate new versions of Services that are Shared across dozens of applications? Application Issues, not Operations Issues
© 2007 AmberPoint, Inc. 6 The Role of Enterprise Service Management Traditional Management Tools and Techniques will not solve these new issues. Traditional Management is an Operations Problem. ESM (SOA Management) is an Application Problem As a Result, the Enterprise Service Management system will be Monitored by your Operations Staff but Used by your Development and Tier II/Tier III Staffs To solve problems that they would otherwise have to write complex code and dig through logs to fix.
© 2007 AmberPoint, Inc. 7 …Throughout the Lifecycle ESM should automate real-time visibility and control at every stage of the SOA lifecycle DevelopmentStagingProduction IDEs Process Tools Business Logic Discovery Runtime Policies Performance Availability Performance Automatically enforce governance Security Logging Diagnostics Validation Capacity Planning Service Levels Discovery Automatically discover rogue services More Policies Performance Availability SLAs Security Logging Audit
© 2007 AmberPoint, Inc. 8 External Agency Service 1 External Agency Service 2 Enterprise Service Management Real-time visibility, control and validation A234235 Visibility, control and validation regardless of SOA infrastructure decisions Enterprise Service Bus
© 2007 AmberPoint, Inc. 9 Keys to Successful ESM Visibility – Knowing Whats Out There and Whats Going On… What services, application flow, and infrastructure are installed and in use Whos using it Is it meeting expectations / obligations Control – Taking Action to Prevent or Correct Issues… Define and enforce runtime policies – make sure proper policies are active Diagnose failures / prevent them Ensuring Integrity – Ensuring Changes Dont Impact the Whole Application Environment… Automatically check for the correctness of the running system Detect and validate changes before they impact users and partners Do This across the Entire Infrastructure And Do It All as Automatically as Possible Reduces risks and costs Automation is the single most important thing that makes SOA scaleable
© 2007 AmberPoint, Inc. 10 Automatic End-to-End Visibility Dynamic discovery of service and supporting components in the wild Web services Consumers Dependencies Application Flow & Transactions Runtime Policies Runtime Metadata Automatically track transactions Non-invasive; no message modifications Feed impact analysis, error detection, etc. In most environments, no single source of information is always right Ensures a complete view of the SOA application environment Intended Design Running Reality Platform Repositories Service Registries Home-grown Databases Enterprise Service Bus
© 2007 AmberPoint, Inc. 11 Enterprise Service Bus Automatic Synchronization with Other Governance Systems Runtime Governance Service Network Services Metadata Policies policies data service contract Services (discovered,changes) Scorecard Information Policies (new, changes) Read Write Publish Changes to endpoints and policies Scorecard metrics Dependencies Discover discrepancies between intentions (design/dev) and reality (runtime) Reality Design vs. Support Federated Information Exchange ? ? ? Runtime Repository Service Levels Discovery Exceptions Policy Mgmt Platform Repositories Home-grown Databases Service Registries
© 2007 AmberPoint, Inc. 12 Policies that follow the WS-Policy Standard Provisioned with a where clause Automatically applies policies based on dynamic attributes and message content. All production services All services in Accounting application All services deployed in WebLogic containers User-defined attributes for services, containers & policies Assignments are reevaluated as attributes change Automatic Policy Provisioning via the WS-Policy Standard where Blue Force Security Encryption all services One-at-a-Time Approach where deployed on WebLogic app servers Logging Profile Based Approach p1 p50 100 svcs x 50 policies 5,000 policy points Load-Bal Weighted Manage system on autopilot where policies are automatically assigned as appropriate. Eliminate production mistakes by reducing manual steps. S1 S2 S3 Sn S5S3 S1S6S4 S2
© 2007 AmberPoint, Inc. 13 Service Level Management Service- and Mission-level Visibility Service View Alerts Historical Reporting Enforce agreements based on Mission-Specific criteria Gold users, Warfighters in Battle, First Responders, etc. Granular visibility – groups, users, services, operations Preventative and corrective actions User Summary and Objectives
© 2007 AmberPoint, Inc. 14 Real-time Monitoring of Mission Centric Processes Probe Applications for Inconsistencies Expected Delivery Disconnect Alert Check transaction progress and correctness Does not need to be synchronous or see every step
© 2007 AmberPoint, Inc. 15 Exception Management Stop Digging through Logs! Technical Faults Mission-Specific Exceptions Process Flow - Exception context - Response times Mission-specific visibility using exception content and context Ex: External Agency Services failure Alert when no order confirmation within 3 minutes after completion Visibility in operational issues – services, transactions, operations, messages SOAP faults, database errors, etc. System Mgmt Machines App Servers Network Augments System-level View Drill into Exception Content & Context Agency Portal Materiel Orders Warehouse Red Force Tracking Shipping Partner External Agency
© 2007 AmberPoint, Inc. 16 Firewall Security First- and Last-Mile Enforcement First-Mile Security -Client-side agent -Automatic enforcement of out-bound security Last-Mile Security -Plug-ins provide endpoint protection -No ability to circumvent Extensive Integration -Identity Management Systems -Security Appliances -App Server / ESB / OS Security John Smith <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element' xmlns='http://www.w3.org/2001/04/xmlenc#'> A23B45C56 <Encrypted Type='http <CipherDa <Cipher </Ciphe Security Policies -Authentication -Authorization -Credential Mapping -Censorship -Crypto Shipping Partner Red Force Tracking Service Logistics and Materiel Agency Portal Blue Force Tracking Service Identity Management Systems Client Application
© 2007 AmberPoint, Inc. 17 Check SOA Services & Application Integrity for… CodeIs the new version backwards compatible? Policy If we institute this new governance policy (security, routing, etc.), will it break dependent applications? Usage What will happen if our usage doubles? Triples? Quadruples? Infrastructure Will an OS security patch break my system? How will introducing a load-balancer change my capacity? Type of Changes Functionality Does the service produce the same responses as last time? Quality of ServiceAcceptable performance and throughput? Impact of Change
© 2007 AmberPoint, Inc. 18 The SOA Validation Problem System Integrity Always at Risk Service reuse creates dependencies Impact of any changes ripple throughout the system Real impact of planned changes is hard to predict Impact of unplanned or unannounced changes can be devastating Yet, it quickly becomes impossible to setup and replicate all dependent systems for testing elsewhere 18 Agency Portal Warehouse Blue Force Tracking Red Force Tracking Shipping Partner A Change Here May Impact Everyone Need way to continuously check for integrity – both in staging and in production Materiel Orders
© 2007 AmberPoint, Inc. 19 SOA Validation Safe environment to validate changes before deployment Agency Portal Warehouse Blue Force Tracking Red Force Tracking USTRANSCOM Changes to: -Code -Policy -Usage -Infrastructure Captures requests/responses from all dependent consumers Message content Context – headers, distribution patterns Replays looking for differences in response Capacity planning using real- world message distributions Materiel Orders
Case Studies © 2007 AmberPoint, Inc. Real-World Examples
© 2007 AmberPoint, Inc. 21 Rapidly Becoming the SOA Runtime Governance Standard in the US Federal Government ESM Product of Choice, DISA Net-Centric Enterprise Services (NCES) Working with DISA for 3+ years to define ESM Services under NCES Program NGA GeoScout Program Intelligence Community – Multiple Installed Projects US Transportation Command – GTN Modernization Effort Engaged with Multiple Net-Centric Labs, COIs and NCES Pilot Programs JHU APL, MIT Lincoln Labs ASAP ACTD – Integrated Broadcast Service program C2 SSA COI - C2 Community Engaged with all major NCES and Related Industry Organizations AFEI and NCOIF SOA Foundation, ISR, Security Working Groups NIAP Common Criteria Security Certification Only SOA Management Vendor in the Program
© 2007 AmberPoint, Inc. 22 Design-timeRegistry Unapproved Svcs ProductionRegistry Approved Svcs Approval Process 3,000 Developers Different departments / divisions Different priorities and fire drills Different locations NY London Design Dev QA Stage Prod Design Dev QA Stage Prod Lehman Brothers Making enterprise-wide SOA governance pain-free After a year, only 8 registered services Too busy to update the registry No value to the developers
© 2007 AmberPoint, Inc. 23 Uses AmberPoints automatic discovery of running services and dependencies at each stage of their SOA lifecycle Synchronizes with home-grown Asset DB and Design-time Repository Over 100 Services Currently registered (up from 8 previously) Enterprise Architecture now viewed as Enablers vs. Enforcers Changed Culture – Teams now compete to see who can cooperate the most NY London Design Dev QA Stage Prod Design Dev QA Stage Prod RuntimeRepository Discovered Svcs PerformanceErrors/ExceptionsAssetDatabaseMachinesOwnersLocations Design-timeRegistry Unapproved Svcs ProductionRegistry Approved Svcs ApprovalProcess Using Automatic Runtime Governance to Achieve Design-time Governance
© 2007 AmberPoint, Inc. 24 Uses AmberPoints automatic discovery of running services and dependencies at each stage of their SOA lifecycle Synchronizes with home-grown Asset DB and Design-time Repository NY London Design Dev QA Stage Prod Design Dev QA Stage Prod RuntimeRepository Discovered Svcs PerformanceErrors/ExceptionsAssetDatabaseMachinesOwnersLocations Design-timeRegistry Unapproved Svcs ProductionRegistry Approved Svcs ApprovalProcess Using Automatic Runtime Governance to Achieve Design-time Governance
© 2007 AmberPoint, Inc. 25 Service Detail Screen When service was discovered How long service has been up Type of service Link to WSDL Metadata from Asset DB (42 fields) All data can be used in policy definitions Discovered Info Asset DB Info
© 2007 AmberPoint, Inc. 26 NY London Design Dev QA Stage Prod Design Dev QA Stage Prod Opt-in for expanded control Security, load balancing, failover, etc. Dependencies Performance Diagnostics Change Analysis Whats in it for me? A lot. Comprehensive insight without lifting a finger
© 2007 AmberPoint, Inc. 27 Results: Visibility and Cooperation From only 8 registered services after previous approach to 100 registered services in first couple months ROI reporting visible throughout the company Runtime results automatically feed other consoles JMX-based home grown system Internal SOA coordination site HP OpenView Transformed the environment to one where groups were vying to be the ones that could cooperate the most
© 2007 AmberPoint, Inc. 28 Some Other AmberPoint Customers Manufacturing/ Retail Health CareFin. Services International Government Power/Utility Telecom Other
Q&A © 2007 AmberPoint, Inc. John Emerson Vice President, US Federal AmberPoint, Inc. JEmerson@AmberPoint.Com
Presented by Nikita Shah 5th IT ( )
Managing Service-Oriented Architectures Jim Bole VP Professional Services Infravio, Inc June 7,
Tivoli Software from IBM Storage Resource Management Webcast
The Public Sector and Xtremesofts AppMetrics Working Together to Maximize Application Availability for Government Servants and Citizens Web Site:
C9: SOA Management with Actional® for Sonic™
Ashutosh Pednekar, FCA, CISA, ISA (ICA), LLB (Gen), B.Com. Partner, M P Chitale & Co. November 6, 2007 IRDA – ICAI Round Table Meeting on Insurance Industry.
1 Service Oriented Architectures (SOA): What Users Need to Know. OGF 19: January 31, 2007 Charlotte, NC John Salasin, Ph.D, Visiting Researcher National.
1 Introducing the Specifications of the Metro Ethernet Forum.
Copyright © 2006 Data Access Technologies, Inc. Open Source eGovernment Reference Architecture Approach to Semantic Interoperability Cory Casanave, President.
Presented to: By: Date: Federal Aviation Administration Registry/Repository in a SOA Environment SOA Brown Bag #5 SWIM Team March 9, 2011.
Making the System Operational
Hello i am so and so, title/role and a little background on myself (i.e. former microsoft employee or anything interesting) set context for what going.
Agenda 2 factor authentication Smart cards Virtual smart cards FIM CM
Copyright © 2012 AirWatch, LLC. All rights reserved. Proprietary & Confidential. Mobile Content Strategies and Deployment Best Practices.
Service Oriented Architecture for Mobile Applications Swarupsingh Baran University of North Carolina Charlotte.
Database System Concepts and Architecture
CA's Management Database (MDB): The EITM Foundation -WO108SN.
1 Making a Seamless Move to Windows ® 7 Imagine a migration that went so well, nobody noticed.
W3C Workshop, Bedford, MA – February 2007 An Insurance Industry Perspective Making the Web of Services Real.
© 2019 SlidePlayer.com Inc. All rights reserved.