Jürgen Kress

Biography

As a middleware expert, Jürgen works at Oracle EMEA Alliances and Channels, where he is responsible for Oracle’s EMEA Fusion Middleware partner business. He is the founder of the Oracle SOA & BPM and the WebLogic Partner Communities and the global Oracle Partner Advisory Councils. With more than 5000 members from all over the world, the Middleware Partner Communities are the most successful and active communities at Oracle. Jürgen manages the community with monthly newsletters, webcasts and conferences. He hosts his annual Fusion Middleware Partner Community Forums and the Fusion Middleware Summer Camps, where more than 200 partners get product updates, roadmap insights and hands-on training, supplemented by many Web 2.0 tools such as Twitter, discussion forums, online communities, blogs and wikis. Jürgen is a member of the steering board of the SOA & Cloud Symposium by Thomas Erl. He is also a frequent speaker at conferences such as the SOA & BPM Integration Days, JAX, UKOUG, OUGN, and OOP.

Berthold Maier

Biography

Berthold Maier works in the T-Systems International department of Telekom Germany as an Enterprise Architect. He has more than 19 years of experience as a developer, coach and architect in building complex mission-critical applications and integration scenarios. During eleven years as an Oracle employee he held several leading positions, including chief architect in the consulting organization. He is the founder of many frameworks and has taken on responsibility for reference architectures around BPM/SOA and Enterprise Architecture Management. Berthold is also well known as a conference speaker, book author and magazine writer.

Hajo Normann

Biography

Hajo Normann works for Accenture in the role of SOA & BPM Community of Practice Lead in ASG. Hajo is responsible for the architecture and solution design of SOA/BPM projects, mostly acting as the interface between the business and IT sides. He enjoys tackling organizational and technical challenges and motivates solutions in customer workshops, conferences, and publications. Together with Torsten Winterberg, Hajo leads the DOAG SIG Middleware. He is an Oracle ACE Director and an active member of a global network within Accenture, and is in regular contact with SOA/BPM architects from around the world.

Danilo Schmiedel

Biography

Danilo Schmiedel is one of the leading BPM and SOA System Architects at OPITZ CONSULTING. He has been involved in large integration, business process automation and BPM/SOA development projects, where he implemented solutions for various customers. His main field of interest is the practical use of BPM and SOA on a large scale. Additionally, he works as a BPM and SOA project coach. Danilo is a frequent speaker in the German Java and Oracle communities and has written numerous articles about the above topics. Before joining OPITZ CONSULTING, Danilo worked as a Software Engineer in several international projects. The Leipzig University of Applied Science honored his outstanding reputation with an award in 2009.

Guido Schmutz

Biography

Guido Schmutz works as Technology Manager for the IT services company Trivadis. He has over 25 years of experience as a software developer, consultant, architect, trainer, and coach. At Trivadis he is responsible for SOA, BPM and application integration, and is head of the Trivadis Architecture Board. His interests lie in the architecture, design, and implementation of advanced software solutions. He specializes in Java EE, Spring, Oracle SOA Suite and Oracle Service Bus. He is a regular speaker at international conferences and is the author of articles and several books. Guido is an Oracle ACE Director for Fusion Middleware & SOA.

Bernd Trops

Biography

Bernd Trops is a Senior Principal Consultant at Talend Inc. In this role he is responsible for client project management and training.

Bernd is responsible for all Talend projects within the Deutsche Post and the introductions of new versions and components.

Before Talend, Bernd was a Systems Engineer working on various projects for GemStone, Brocade and WebGain and therefore has extensive experience in J2EE and SOA. From 2003 to 2007 Bernd Trops worked as a SOA Architect at Oracle.

Clemens Utschig-Utschig

Biography

Clemens worked as Chief Architect for the Shared Service Centre, Global Business Services, Boehringer Ingelheim in architecture, master data, service management and innovation.

At the moment he works with holistic enterprise architecture that provides the methodological platform for the new master data management.

He previously worked as a Platform Architect at Oracle Inc. in the United States, where he helped to develop the next product strategy as well as the SOA BPM Suite.

Torsten Winterberg

Biography

Torsten Winterberg works for Oracle Platinum Partner OPITZ CONSULTING. As a director of the competence center for integration and business process solutions he follows his passion to build the best delivery unit for customer solutions in the area of SOA and BPM. He has long-time experience as developer, coach and architect in the area of building complex mission critical Java EE applications. He is a known speaker in the German Java and Oracle communities and has written numerous articles on SOA/BPM related topics. Torsten is part of the Oracle ACE director team (ACE=Acknowledged Community Expert) and leads the DOAG middleware community.

Cloud Computing and SOA

Published: March 28, 2014 • Service Technology Magazine Issue LXXXII

Cloud Computing Hype

Why is everyone talking about cloud computing? Drawn-out, expensive IT projects that are planned and implemented without any benefits for the business stakeholders are commonplace. In contrast, cloud computing offers business users the chance to immediately implement services with usage-based billing that are tailored to their requirements, often without the need to consult with the IT department.

However, aspects like security, architecture, availability, and standards are often not evaluated. Cloud consumers find themselves at the mercy of the cloud provider. Scenarios that require changing cloud providers after a cloud provider goes bankrupt, and the associated moving of data and/or applications, have not yet been sufficiently tested. Business continuity should play a key role from the start of a cloud evaluation process.

One of the greatest challenges here is the integration of existing data and systems into the cloud solution. Without integration spanning between clouds and on-premise systems, processes can only be executed in isolation, leading to cloud-specific silos of isolated solutions. Important information for users is not available across processes and systems. Problems that would have occurred in the company's internal IT are now shifted to the cloud provider. To prevent "legacy clouds" or solutions that are hard to maintain, it is important to manage the entire architecture proactively and, in particular, the integration into the cloud. Even if cloud providers want us to believe otherwise, not every aspect of IT can be outsourced to cloud solutions!

Figure 1 – Motivations for cloud computing, source: IDC

Cloud Computing Definition and Criteria

Cloud computing is a model for usage-based network access to a common pool of configurable computing resources (e.g. networks, servers, storage systems, applications, and services) that can be provided and used quickly. IP-based services are requested via self-service and used on-line independently. A prerequisite for this is a broadband Internet connection with low latency. The IT resources are bundled into pools and provided as required. Billing is based on the services used.

Concepts in Cloud Computing

In cloud computing, the following models are differentiated on the basis of horizontal scaling:

  • Infrastructure-as-a-Service (IaaS) - provides a hardware platform as a service, such as Amazon EC2
  • Platform-as-a-Service (PaaS) - provides a software platform as a service, such as Google App Engine
  • Software-as-a-Service (SaaS) - allows applications and functions to be outsourced by virtualizing cloud providers' hardware and software and providing the functions as services, such as Salesforce CRM [REF-1]

In deployment models, distinctions are made according to availability and installation location. Public clouds are services that are available to the public on the Internet. Private clouds are internal company services. Hybrid clouds and community clouds represent mixtures of these models, such as when Amazon computing power is used in the event of a failure or overload of an internal company cloud application.

Large companies for which IT plays a central role or represents a competitive advantage often build internal company cloud solutions in their own data centers. Small and medium enterprises frequently use public cloud services. A further distinguishing feature is the applications' focus. In the business-to-business segment, private clouds are predominantly used, while the majority of the business-to-consumer segment uses public clouds (Figure 2).

Figure 2 – Areas of application of cloud providers

Cloud Computing Challenges – Based on SOA?

The key challenges of a cloud computing solution are security and quality aspects like performance, latency, and availability. Integration, adaptation, agility, and the possible relocation of the solution play a major role during and after the implementation phase (Figure 3).

Figure 3 – Challenges in cloud computing, source: IDC

These aspects can be addressed with an SOA-based architecture. As quoted by Anne Thomas Manes, VP and Research Director at Gartner, "SOA is a prerequisite for the cloud."

The National Institute of Standards and Technology (NIST) is the leading organization to define cloud standards. The integration challenge between clouds and how it can be addressed by SOA is one of the key areas. NIST defines the integration between the cloud and on-premise environments as cloud broker services. Cloud brokers are categorized in three different types:

  • Service Intermediation - This type of cloud broker enhances a given service by improving a specific capability and providing value-added services to cloud consumers. The improvement can be management of access to cloud services, identity management, performance reporting, or enhanced security. An example of an intermediation cloud service broker that many of us use on a daily basis is Facebook Connect.
  • Service Arbitrage - This type of cloud broker provides flexibility and "opportunistic choice" by offering a variety of similar services to select from. An example for service aggregation is ComputeNext. The cloud consumer can select the IaaS services of choice, for example HP cloud or lunacloud.
  • Service Aggregation - This cloud broker provides integration between multiple services. The cloud aggregation broker like Dell Boomi ensures interoperability and security of data between the systems. In this article we will focus on the integration aspects of Service Aggregation. [REF-2]

Order-to-Cash Process Example in the Cloud—Why Use SOA?

The necessity of using SOA in a cloud environment should become apparent in this example of an order-to-cash process. In our example, dog food is advertised in Salesforce, purchased via Amazon, and billed in a local finance system. The overall cooperation between sales, logistics, and accounting, and the associated integration of process data plays a key role (Figure 4).

Figure 4 – "Pet store" sample process in the cloud

On the side of the business departments, the following questions may be raised during the process: Which products is the customer interested in? Which products have they bought in the past, and which products are they considering? Depending on the customer's credit line, is the delivery prepaid or invoiced? What is the availability and shipment status of the products?

Linking the different cloud systems with the local IT systems is necessary to answer these questions, which have a direct influence on the process. A common metric and definition is required in order to compare the data. It is best practice to establish a master data management (MDM) program that lays the foundation to common access to core entities of the enterprise such as customer, contract, or product. This principle of MDM also applies to cloud-based processes. In our example MDM defines a customer in all systems and therefore the customer can be identified. This integration takes place on multiple levels:

Data Integration of Shared Data via Clouds

At the data level, we differentiate between the concept of data integration at regular intervals and data integration in realtime. Point-to-point integration and data cleansing at regular intervals could include, for instance, the daily data transfer of sales data from the Amazon shop to the Salesforce CRM system. By contrast, data integration for transferring sales data to the accounting system for invoicing is performed in realtime.

Process Integration throughout the Cloud

Effective business processes are changed directly by business departments on an ad hoc basis (according to their rights and roles) in order to satisfy changed requirements. In our example, the marketing department decides to sell products on Amazon and additionally on eBay, motivated by the free-of-charge delivery. For process integration, this means the incorporation of a further SaaS solution into the process flow, based on common data objects. We can therefore use SOA concepts like enterprise business objects, which contain data such as customer definitions, and enterprise business services, such as the update to a customer file. The various cloud solutions often define these business objects and services differently, which is why a common meta-model that integrates the process is required. The following are required for the object model:

  • application-independent, easy to create and modify
  • scalable and reusable over various cloud solutions
  • support of standards such as UN/CEFACT Core Components Technical Specification (CCTS), Open Application Group OAGIS, ISO 11179, SID

All objects should be held in a common repository and data dictionary. A model designer can be used to amend the objects. In the future for complex objects, a model matcher based on conventions, catalogs, dynamic typologies, and search agents might be used (semantic SOA).

Rules Engines and Task Management in Clouds

Decision rules that are abstracted in a rules engine can be changed by business users at any time. This is a fundamental aspect of process agility. In our example, a customer's order is not sent until an open payment of 150 € on his previous order has been received. This threshold can be changed by the business users at any time, for example if the total amount of open invoices is very low or high. Rules engines and task management solutions are used in particular for SaaS cloud applications that are not individually programmed. However, the various cloud applications use different rules engines, so a common standard and an overall meta-model for defining objects and rules could resolve this in the future.

The same applies to task management. If a product was not delivered, customer service intervenes manually and offers the customer free express delivery. The resulting tasks must be performed both in the cloud solutions, such as Amazon, and in the local accounting system. One solution would be the introduction of uniform, service-oriented task management or case processing in a general process portal for identifying and handling processes. The traceability of processes is important here. In our process, this refers to the order status or where the order was lost, and determines who is responsible for the additional shipping costs. The process owner is defined across all clouds. If anything is ambiguous, it ends up in a central error hospital or a clearing house for processes. As an outlook, a centralized cloud service for task management, logging, and an error hospital may be a solution.

Are the Data and Processes in the Cloud Secure?

Security standards play a decisive role in compliance with security provisions over system boundaries:

  • Federated Security and Fraud Detection
  • Authentication (OAuth, WSS, SAML, JAAS)
  • Authorization (XACML)
  • Federation (SAML, WS-Trust)
  • Provisioning (SPML, RBAC)

Every company needs to ask itself whether it can afford to lose complete control over its data, or whether it's better to maintain control. In our process example, the decision was made to shift the CRM and shop customer data to a cloud solution. The accounting data continues to be managed in the company's own data center. For the definition of critical company data and the evaluation of a cloud solution, the following procedure has proven effective:

  • definition and introduction of data life cycles
  • secure separation of critical data, e.g. customer data, virtual data pools, tagging
  • encryption of sensitive data and data services
  • security and recovery concepts, e.g. due to official requirements
  • secure deletion of data
  • definition of the geographical location of the data
  • determination of the owner of the cloud (private cloud/public cloud)

In a SOA architecture, the services are available via IP and can be reused. Protection of critical data and processes starts in the DMZ and is based on an enterprise gateway (Figure 5). Requests are intercepted by the gateway before processing, and the rules (policies) to be applied are checked and forwarded to the Web services virtualization level.

Figure 5 – Enterprise gateway

The Web services virtualization level is generally a federated enterprise service bus that routes the call to the correct Web service. The gateway can also be employed as an XML firewall in the DMZ, and is able to uncover specific Web service attacks and defend against them, including attacks based on XML content, XML schemas, and DTDs, as well as cryptographic and SOAP attacks.

Incoming messages are intercepted by the gateway, checked using policies, and then processed if necessary. A policy consists of a set of filter criteria that trigger specific actions. These filters are pre-defined and offer various functions, such as checking the size of an incoming message or an authorization. In our example, the size of the incoming message from the Amazon Shop system is checked. If it exceeds the limit, a notification is issued and further processing is halted.
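The policy check described above, as an added example (not code from the article or from any gateway product): a policy is an ordered chain of filters, and the first filter that objects halts processing. The 4096-byte limit, the filter names and the sample messages are assumptions; the WS-Security filter only checks that a header is present.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple
from xml.parsers import expat

MAX_BYTES = 4096  # assumed limit; the article does not give a figure
SOAP = "{http://schemas.xmlsoap.org/soap/envelope/}"
WSSE = ("{http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd}")

@dataclass
class Verdict:
    allowed: bool
    halted_by: str  # name of the filter that stopped the message, "" if none
    reason: str     # text for the notification that is issued

class DTDForbidden(Exception):
    """Raised from the parser callback as soon as a DOCTYPE starts."""

def _forbid_dtd(*_args):
    raise DTDForbidden()

def size_filter(raw: bytes) -> Optional[str]:
    # Runs first, so an oversized body is rejected before any parsing work.
    if len(raw) > MAX_BYTES:
        return f"{len(raw)} bytes exceeds limit of {MAX_BYTES}"
    return None

def xml_filter(raw: bytes) -> Optional[str]:
    # The parser itself reports the DOCTYPE (no byte scanning), and the
    # callback aborts parsing before any entity declaration is processed.
    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = _forbid_dtd
    try:
        parser.Parse(raw, True)
    except DTDForbidden:
        return "message carries a DTD"
    except expat.ExpatError as exc:
        return f"not well-formed XML: {exc}"
    return None

def wss_filter(raw: bytes) -> Optional[str]:
    # Placed after xml_filter, so raw is known to be well-formed and DTD-free.
    # Presence check only (assumption); a real gateway validates the token.
    root = ET.fromstring(raw)
    if root.tag != SOAP + "Envelope":
        return "root element is not a SOAP Envelope"
    if root.find(f"{SOAP}Header/{WSSE}Security") is None:
        return "no WS-Security header"
    return None

POLICY: List[Tuple[str, Callable[[bytes], Optional[str]]]] = [
    ("size", size_filter), ("xml", xml_filter), ("wss", wss_filter),
]

def apply_policy(raw: bytes, policy=POLICY) -> Verdict:
    for name, check in policy:
        reason = check(raw)
        if reason is not None:
            return Verdict(False, name, reason)  # notify and halt
    return Verdict(True, "", "forwarded to Web services virtualization")

# Constructed sample messages (not captured traffic).
def soap(header: str, body: str, prolog: str = "") -> bytes:
    return (f'{prolog}<s:Envelope xmlns:s="{SOAP[1:-1]}" '
            f'xmlns:w="{WSSE[1:-1]}"><s:Header>{header}</s:Header>'
            f"<s:Body>{body}</s:Body></s:Envelope>").encode("utf-8")

TOKEN = "<w:Security><w:UsernameToken/></w:Security>"
ORDER = "<order><sku>dogfood-5kg</sku><qty>2</qty></order>"

if __name__ == "__main__":
    for msg in (soap(TOKEN, ORDER), soap("", ORDER)):
        print(apply_policy(msg))
```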

Figure 6 – Amazon EC2 cloud management

The gateway can be integrated with a security token service (STS) in order to use the latter's functionality. In addition, Secure Sockets Layer (SSL) ensures protection of the messages on the transport level.

Governance in the Cloud—Who Owns the SOA Process?

The implementation of company-wide standards plays a central role for both SOA and cloud computing. SOA governance can act as a precursor to cloud governance. The formalization of services and contracts in the SOA architecture serves as a template for formalizing cloud services. Structures and workflows between the business users and the IT department that were established as part of the SOA implementation serve as the basis. For the management of the processes, the attention is on system-wide solutions.

An administration concept rejects or allocates resources to the processes across various clouds and systems. Monitoring dashboards incorporate analytics for both clouds and on-premise systems. They are integrated with the existing management tools and notification systems, allowing dependencies of processes and systems to be represented.

In the future, business users receive consistent process information and process monitoring in realtime (business activity monitoring across cloud processes). All available processes are executed in process portals and their recyclability is ensured. Business departments request and use system resources independently. IT continues to have ownership of the IT and is responsible for its management. The usage costs are presented in a transparent manner to the business department based on the process.

Figure 7 – Requirements on a cloud platform

SOA and Cloud, Hand in Hand

Companies that are planning to introduce cloud-based services can establish the basis for this through a SOA architecture. As service contracts are formalized, the foundation is laid for SOA and cloud governance. The SOA integration platform plays a key role in integrating the existing application into cloud services and between clouds. Canonical data models combined with ontology and semantics establish the basis for linking data and processes across systems and clouds in the future.

The assets of this integration platform and the cloud solution are managed dynamically, although a multi-tenancy capability is required to secure the data. A distinction is made between data access and data management. The security of the processes must be assured across all systems and clouds and implemented throughout the entire lifecycle. Business-critical systems require a highly available, fail-safe, low latency, and scalable platform. Last but not least, upcoming problems are detected and remedied in advance. In the event of any damage, the system can carry out repairs autonomously.

A quote from Paul Fremantle summarizes the motivation for SOA and cloud-based systems: "Cloud-based systems must be built on SOA and modern Enterprise Architecture principles if they are to be effective."

Conclusion

Why is SOA integration and the concept of cloud service brokers key for cloud computing? To answer this question, let's quickly visit IT's history. IT started with custom-built solutions. To start a proprietary hardware system like the Zuse Z10, the operator had to load the proprietary software, including the operating system, on punch cards. In the automotive industry, mass production made cars widely available and the same occurred in the IT industry. Mass production and standardization first separated hardware from software, and continued to create standard layers like operating systems, databases, and middleware.

With service-oriented architecture, components were broken down into services and became re-usable and integrated across multiple platforms. This approach is similar to the platform approach in the automotive industry, where several models share the same components such as engines. Cloud computing is changing the IT paradigm. IT systems are utilized by several users or companies. In our automotive industry example, users no longer buy their own vehicle, but use car-sharing services. The car-sharing company brokers the cars between the different drivers. Similarly in IT, a cloud service broker mediates, integrates, or brokers between different clouds. Existing legacy IT systems that need to be aggregated with new cloud-based solutions or different cloud solutions that need to be intermediated are resolved by the use of a cloud service broker.

Cloud computing can change the IT industry and how IT is used, similar to how oil is being replaced in the automotive industry. Electric cars are becoming more mature and more widely adopted even as we use gas-based cars in the meantime. Where IT is concerned, we will run legacy mainframe solutions on-premise for a long time, while the latest solutions continue to make use of more cloud technologies and SOA technologies become the bridge to the cloud.

Links & Literature

[REF-1] Cloud Computing: Concepts, Technology & Architecture, Thomas Erl & Zaigham Mahmood & Ricardo Puttini

[REF-2] F. Liu, J. Tong, J. Mao, J. Messina, L. Badger and S. Leaf, "NIST Cloud Computing Reference Architecture", p. 65, June 2012.

[REF-3] F. Liu, J. Tong, J. Mao, J. Messina, L. Badger and S. Leaf, "NIST Cloud Computing Reference Architecture", p. 65, June 2012.

[REF-4] NIST http://en.wikipedia.org/wiki/National_Institute_of_Standards_and_Technology