March 2006
Bulletproofing SOA
A comprehensive strategy for ensuring a secure, reliable, compliant Service Oriented Architecture

Why SOA?
• Promotion of reuse
• Lower integration costs
• Business agility
• Alignment between business and IT
Business Effectiveness
• Agility, responsiveness to market/competitive dynamics
• Greater process efficiencies
• Deploy resources based on business needs
Cost Efficiency
• Reduced maintenance costs
• Reduce integration costs
• Reduced skills and effort to support business change
• Reduce application redundancy
Reduced Risk
• Higher level of IT quality
• Incremental deployment
• Improved payback times

What Does Quality Mean in SOA?
The fundamental benefits desired from implementing a SOA demand a more comprehensive approach to manage and demonstrate software quality.

SOA is Uniquely Different
Achieving quality in a SOA requires the organization to behave much differently than it has in the past. At the center is a visible quality process.
• Visible Quality Process: Now more than ever transparency in the overall quality process is a must. SOA impacts more people, more processes and more direct revenue.
• Roles: SOA has cross functional and cross department impacts. Quality must be addressed very early in the process.
• Trust: SOA impacts both internal and external resources. Trust becomes a critical component for reuse.
• Assurance: Secure, reliable, compliant services keeping in mind both the producer and the consumer of the services. Questionable quality will doom the ROI.

SOA Impacts IT Roles
• Trend 1: Project durations are shorter with higher levels of integration.
• Trend 2: “Quality” and the quality process is being promoted higher in the organization.
• Trend 3: Silos are being broken down into smaller cross-functional teams. Those teams have more distributed team members.
• Trend 4: The onus of quality is being distributed in the process. QA's role is split.
[Chart: Level of Integration vs. Project Duration, labeled Mainframe, Client/Server, Internet, SOA]
[Diagram labels: Governance Process; Design, Dev, Test, Deploy; Analyst, Arch, Dev, QA, QA, Perform]

SOA is Uniquely Different
Achieving quality is uniquely different in a SOA. Consistency is a must. A visible, reliable quality process is core to success.
• Visible Quality Process: Now more than ever transparency in the overall quality process is a must.
• Roles: The quality process must start earlier and include more people.
• Trust: IT shops must earn trust.
• Assurance: Questionable quality will doom the ROI. Consistency is the key for adoption and interoperability.

A Visible Quality Process
[Diagram labels: Visibility, Quality & Progress; Measurable Checkpoints and Control; Software Test, Analysis & Governance; Visibility, Measurement, Management; Design, Develop, Test, Deploy; Control Development Policy; Control Code Behavior and Outcomes; Visibility of Impact of Changing Components; Leverage-able Test Assets; Development Lifecycle Processes]

Parasoft SOAtest Solution
Example: Open a Credit Card Account
Consumer
A machine to machine or human interface wants to “open an account.”
• Consistency in the service assets. Enforce policies, interoperability
• Trust, a visible quality framework
Business Process
The “open an account” process is initiated.
• Automated BPEL testing
• Greater business process coverage
• Rapid load and performance testing
Web Service Layer
• Full interoperability validation
• Ensure secure services
• Test individual service operations
• Test use case scenarios
• Create regression suites
• Manage tests as a “Team”
• Visibility of service asset quality
Services invoked: “Get customer details,” “Account Type,” “Locate Record,” “Check Customer Status”
Producer Application
These services reach into applications. Packaged or Custom Apps.
• Is the application reliable for SOA?
• Automated code analysis
• Automated unit testing

Generic SOA Architecture
Security Gateway: Test gateway policies by driving positive and negative traffic. Security POCs.
Registry: SOA Development Governance. Tests incorporate UDDI.
Orchestration: Automated BPEL testing. Graphical construction of scenarios.
ESB: Test multiple protocols with scenarios to automate test coverage. Emulate endpoints.
WSM: Test cases can leverage QoS data from WSM. Create test cases for SLA violations.
Java / .NET App Servers: Automated code analysis. Automated unit testing. Regression testing. Test via emulation.
Mainframe, Legacy Adapters
Parasoft SOAtest
• SOA Quality Visibility
• SOA testing framework
• SOA aware to reduce complexity
• Automated policy enforcement
• Automated business process testing
• Automated scenario testing
• Scriptless load and performance testing

Challenges Deploying a SOA
• Managing risk
• Promoting reuse
• Properly addressing security
• Organizational alignment
• Managing complexity

Challenge – Managing Risk
Consolidation of applications or services for mission critical processes increases the risk of failure. More users are impacted.
[Chart labels: Impact of Downtime (Risk); Distributed Applications; Reuse of Services]

Challenge – Promoting Reuse
• Creating an asset that is reusable is easy, promoting reuse is a much different challenge
• Aside from granularity, reuse is all about trust
• There is no such thing as a “used car”

Challenge - Addressing Security
Need to be able to detect vulnerabilities as early as possible.
• There is a gap in how WS security is addressed
• “Security is not my problem it’s coming from somewhere else”
• There hasn’t been a big scandal, yet!
• Security is usually bolted-on
• Audits are usually performed too late
[Diagram labels: Develop, Architect, Test, Monitor; Assumptions, GAP, Audits]

Challenge – Org. Alignment
• Fundamental shift in tactical responsibilities
• No longer application centric
• Business enablement
• New paradigm / new focus

Challenge - Managing Complexity
• Complexity sneaks up on you
• External services increase complexity exponentially
• Accidental exposures
[Diagram labels: Risk, Eliminated, Complexity, Automated Governance and Quality Control, Services]

Tasks to Bulletproof Web Service
Message Layer
• Verify Service Description
• Verify Policies
• Test Web Services Infrastructure
• Unit test Service Layer
• Business Process Test
• Scenario Test
• Functional Security Test / Penetration Test
• Regression Test
• Verify Scalability and Performance
Implementation Layer (Java, C/C++, .NET, Db)
• Code Analysis
• Security - Reliability
• Performance - Maintainability
• Automated Unit/Regression Testing
• Component Unit/Regression Testing