470 likes | 585 Views
ARCH-08 A Common Business Service Approach to Application Development. Anthony Swindells Progress Fellow. Agenda. What are Common Business Services? Examples to get you thinking Design considerations What’s coming in OpenEdge™ to help Next steps. Under Development.
E N D
ARCH-08A Common Business Service Approach to Application Development Anthony Swindells Progress Fellow
Agenda • What are Common Business Services? • Examples to get you thinking • Design considerations • What’s coming in OpenEdge™ to help • Next steps ARCH-08, A Common Business Service Approach
Under Development D I S C L A I M E R D I S C L A I M E R • This talk includes information about potential future products and/or product enhancements. • What I am going to say reflects our current thinking, but the information contained herein is preliminary and subject to change. Any future products we ultimately deliver may be materially different from what is described here. ARCH-08, A Common Business Service Approach
Common Business Services Definition • Non-domain specific related functions that provide the common infrastructure for a modern application • Standard behavior, features and functionality independent of any specific application requirements • Their combined presence determines the nature and style of applications supported • Typically pre-started and always available ARCH-08, A Common Business Service Approach
Common Business Services Some examples “My application needs to restrict client access to its operations and data” “My application is subject to regulatory compliance • “My customers / partners need to customize my application without losing the ability to adopt future releases” ARCH-08, A Common Business Service Approach
Common Business Services Key benefits of the approach • Reduced learning curve • Simplify domain specific code • Focus on “what” not “how” • Reduced cost in medium to long term • Obtain not build option • Improved quality & standards • Maximize scalability and performance • Core capabilities built into architecture ARCH-08, A Common Business Service Approach
Common Business Services and the OpenEdge Reference Architecture Separated presentationand integration layers Common Business Services Non-domain specific functionality abstracted from application Common business logic withadvanced models Data accessabstracted fromstorage A layered view Users Enterprise Services Integration Layer Presentation Layer Business Servicing Layer Data Access Layer Managed Data Stores Unmanaged Data Stores ARCH-08, A Common Business Service Approach
Common Business Services Supporting Terminology Core Business Service Let’s talk the same language Manager exposed externally as a service through service interface Application Support Service Manager User coded 4GL implementation OpenEdge platform implementation ARCH-08, A Common Business Service Approach
Agenda • What are Common Business Services? • Examples to get you thinking • Design considerations • What’s coming in OpenEdge to help • Next steps ARCH-08, A Common Business Service Approach
Common Business Services Typical application challenges “My application needs to restrict client access to its operations and data” ARCH-08, A Common Business Service Approach
Authentication and Authorization Process Client Application Server AuthenticationManager Authenticate AuthenticationSystem Account Check Get Account Data User Accounts Principal AccessControlData AuthorizationManager Application Resources LoginCredentials ARCH-08, A Common Business Service Approach
Common Business Services Typical application challenges “My application is subject to regulatory compliance and I must report on attempted break-ins or fraud. I must prove that audit data has not been tampered with” ARCH-08, A Common Business Service Approach
Candidate Managers: Auditing Audit Policy Manager API Audit Data Manager Policy Data Audit Data Audit Event Manager (schema triggers) App DB Application Data Archive Manager Report Manager Archive Daemon OfflineAuditData AuditReport ARCH-08, A Common Business Service Approach
Common Business Services Typical application challenges • “My Application needs to scale to potentially thousands of concurrent users in a distributed environment” ARCH-08, A Common Business Service Approach
Candidate: Context Management Session ID Authenticated Session User Client Session ID Application AppServer Connect AppServer Connect Managing state Session Information Business Task Login Credentials Context Manager Context DB Context Data ARCH-08, A Common Business Service Approach
Common Business Services Typical application challenges • “All my applications require storage and management of address data” ARCH-08, A Common Business Service Approach
Candidate:Address Management? Core / generic address functions only • Zip code / post code lookup • International address formatting • Address validation • Address type management • Address usage • Address form management • Address storage & retrieval ARCH-08, A Common Business Service Approach
Agenda • What are Common Business Services? • Examples to get you thinking • Design considerations • What’s coming in OpenEdge to help • Next steps ARCH-08, A Common Business Service Approach
Managers Accessed Locally or Through Service Interface Presentation Container Client Side Fn() Authentication & Authorization Session/Context Management Service Proxy Service Container Service Interface Order Mgmt Server Side … ARCH-08, A Common Business Service Approach
Manager Design Considerations • Typically pre-started as single instances • Implemented as black boxes with well defined public API • Encapsulate distributed architecture complexities • Manager is layer aware (e.g. client cache) • Separate deployment / configuration functionality from runtime functionality • Avoid dependencies • Plug and play architecture ARCH-08, A Common Business Service Approach
Clearly Define Manager Roles and Responsibilities Combine managers to provide value • Authentication manager manages authenticated credentials • Must manually pass credentials around, e.g. between client and server • Context manager manages any type of context • If BOTH are present • Register credentials as context • Credentials automatically available when needed • Cache manager does caching • No cache manager, no caching! ARCH-08, A Common Business Service Approach
Design Assistance • Implementing the OpenEdge Reference Architecture on PSDN • Check back often… http://psdn.progress.com/library/white_papers/oera/index.ssp ARCH-08, A Common Business Service Approach
Agenda • What are Common Business Services? • Examples to get you thinking • Design considerations • What’s coming in OpenEdge to help • Next steps ARCH-08, A Common Business Service Approach
OpenEdge Core Business Services Vision Statement “Provide a comprehensive set of common business services that provide the core feature support of a modern SOA based application modeled on the OpenEdge Reference Architecture” ARCH-08, A Common Business Service Approach
OpenEdge Core Business Services Core Services • Auditing (10.1A) • Authentication and authorization (10.1A, 10.x) • Session and context management (10.x) • Configuration and connection management • Localization, personalization, customization • Tighter integration with sonic ESB and services ARCH-08, A Common Business Service Approach
OpenEdge 10.1A Auditing
OpenEdge Database Schema-Trigger Based Auditing Audit Policy Tools Audit Policy Manager API App DB Policy Data Audit Event Manager (schema triggers) Audit Data Manager 4GL Client Application Data Application Code Audit Data Security Manager Archive DB Application Code Archive Manager Report Manager Archive Daemon SQL Client Audit Data OfflineAuditData AuditReport ARCH-08, A Common Business Service Approach
Auditing Architecture Overview DB Tools & Utilities Open Tools 4GL Client Audit Policy Tools (APMT) Application Code Audit Policy Subsystem API App DB Policy Data Audit Event Subsystem Audit Data Subsystem Application Data Audit Data Security Subsystem Application Internal Database Archive DB Application Code Archiving Subsystem Report Manager Archive Daemon SQL Client Audit Data OfflineAuditData AuditReport ARCH-08, A Common Business Service Approach
Auditing in OpenEdge 10.1A Key Value-Add Why use it in place of own solution? • Common built-in auditing for both SQL/4GL clients • Flexible audit policy management • Secure audit data, policy and utilities • Separation of duty • Purposed audit permissions • Verified user identity • Secure utilities and sealed data • Internal audit events (utilities, schema changes, etc.) • Performance, performance, performance • High performance archiving – for enterprise only • Multi-platform ARCH-08, A Common Business Service Approach
Reference Slide Only! Audit Policy MetaSchema Application Data Audit Data Multiple active policies Control by event Id Control by table / CUD operation Policy Data Override individual fields Internal & application defined audit events ARCH-08, A Common Business Service Approach
Reference Slide Only! Audit Data MetaSchema Policy Data Application Data Record client session information Configurable automated audit data with optional context & grouping Audit Data Optional old/new value recording ARCH-08, A Common Business Service Approach
You Could Prepare Now • Move to schema design on previous slides • Develop custom tools • Develop custom reports • Implement audit events with schema triggers for now • Wrapper code in include files • Insert hooks for setting / resetting audit context • Consider where you could use application events and insert hooks • When 10.1A ships • Continue to use custom reports and tools • Remove code in schema triggers for 10.1A clients • Migrate data to official tables ARCH-08, A Common Business Service Approach
OpenEdge 10.1A Authentication in Support of Auditing • Trusted authentication systems / domains • Assert verified identity of real application user • not dependent on _user records • Ability to share a single user authentication • Set the current user-id for • The 4GL Application • A Progress database connection [ & permissions] • Progress Auditing Records ARCH-08, A Common Business Service Approach
OpenEdge 10.1A Authorization • Leverage asserted authenticated user for database CAN-* permissions • Optional runtime CAN-* permission checking • New schema ready for future roles support ARCH-08, A Common Business Service Approach
10.1A Security Schema for Roles Role definition User or role granted use of role Conditional role allocation ARCH-08, A Common Business Service Approach
Future OpenEdgeAuthentication & Authorization • Support for external authentication systems for 4GL and SQL • Plug-in Authentication Modules: • Write your own • Progress supplied modules: • Progress _user table • 4GL • LDAP/Active Directory • 4GL Access Control Lists (ACLs) • Role support ARCH-08, A Common Business Service Approach
Reference Slide Only! Proposed ACL Schema ARCH-08, A Common Business Service Approach
You Could Prepare Now • Leverage role schema design on previous slides • Develop custom tools • Develop custom reports • Encapsulate security checks into APIs for easy replacement • Leverage include files • Move to ACL model for authorization • Encapsulate checking for easy replacement • When functionality available in OpenEdge • Replace interface internals ARCH-08, A Common Business Service Approach
OpenEdge 10.x Context Management Current thinking • Allow context to be shared across application servers and agents • Provide configurable mechanism to persist context – new meta-schema tables • Seamlessly pass context between client and server – by reference or value • Just available when needed, e.g. client principal • Configurable management of context lifecycle, e.g. scope, expiration, etc. • Best practices and guidelines ARCH-08, A Common Business Service Approach
OpenEdge 10.1A Language Changes Relevant to Common Business Services • Support for globally unique ids (guids) • Useful for context management! • See PSDN for interim solution • Pass TEMP-TABLES and LONGCHARS BY-REFERENCE • Remove overhead of managing complex manager data • Remove overhead of customization layers • Object orientated language enhancements • Implement managers as classes • Use interfaces to define public API / compile time checking ARCH-08, A Common Business Service Approach
Agenda • What are Common Business Services? • Examples to get you thinking • Design considerations • What’s coming in OpenEdge to help • Next steps ARCH-08, A Common Business Service Approach
Prepare for What’s Coming • Leverage include files • Central replacement when new core functionality available • Prioritize your effort • Avoid duplication where possible • Avoid hard-coded references • Use logical to physical mapping • Avoid direct references to physical schema • Use consistent schema model as far as possible • Consider API’s • Design generic interface for easy replacement ARCH-08, A Common Business Service Approach
In Summary • Embrace common business services concept • Reduce application complexity • Increase functionality • Don’t wait – start now • OpenEdge 10.1 and future releases will just make things easier • Design for change • New common business services are planned – so prepare now to simplify later adoption ARCH-08, A Common Business Service Approach
Don’t Miss These BOFs… • Common Business Services Birds of a Feather Tue 6:00pm • Auditing Birds of a Feather Wed 8:00am ARCH-08, A Common Business Service Approach
Questions? ARCH-08, A Common Business Service Approach
Thank you for your time! ARCH-08, A Common Business Service Approach