For the past few years Service Oriented Architecture (SOA) has risen from being a concept promoted by few to become one of the most important architecture styles enterprises are
trying to adopt. Though many of the bases upon which SOA is founded are not new, its link to achieving business results makes it very appealing.
However, as with any new and promising concept, a great deal of excitement is associated with SOA, which could spell trouble for both its promoters and those committed to its adoption. Today there are no shortage of claims from both believers and doubters of its benefits. Many early adopters facing challenges and still missing capabilities needed to support all business needs. The next few years are critical to the success of SOA. To silence its doubters and live up to its high expectations, SOA must evolve and extend to incorporate features from other
emerging techniques and architectures.
A typical question regarding SOA is whether this is something new or revolutionary or whether it is just a new (marketing) hype that will go away pretty soon.
My answer regarding this question is as follows:
SOA does not introduce any new, invented concept. It is a model that brings together existing concepts and practices for a specific set of requirements. You might evensay that SOA is nothing but the application of brainpower and common sense for distributed systems. Look at existing
successful integrated large system landscapes, and you will find all the concepts.
One improvement with SOA might be the fact that Web Services (despite all its flaws) introduces a new standard for interoperability. However, there is another important aspect of SOA, which represents a revolutionary approach different to what we’ve typically seen before the acceptance of heterogeneity. In the past, far too many solutions were based on the idea of homogenization. Yet in systems beyond a certain size, homogeneity is simply not possible.
Homogeneity does not scale, which means that any approach that requires homogeneity will sooner or later fail. Accepting heterogeneity changes the way we design large systems landscapes. This mental shift might be a small step, but it can have dramatic consequences (similarto agile programming, which accepts that requirements change instead of trying to fight against this fact). Based on this I definitely think that there is a future for SOA (just
as there is a future for brainpower ;-).
However, that doesn't mean that SOA is easy. There are places where SOA is appropriate and places where it is not.
And in practice you have to deal with SOA appropriately. You have to find the right level of loose coupling, have to make a lot of important design and architectural decisions and have to set up appropriate processes and organizational structures. Technically, I have seen in my projects (having the size of up to 10 million service calls a day) two major technical problems:
First, there is a tradeoff between performance and reusability.
Second, testing becomes incredibly difficult because due to the distribution of the processes
you have to prepare for distributed testing which implies that all stake holders have to prepare corresponding test data and that the infrastructure (the enterprise service bus) becomes your debugger.
To summarize:
If you can avoid distributed business processing avoid it, but if you have the requirement of dealing with business processes distributed over multiple heterogeneous systems
with different owner, SOA principles are the only way to be able to be successful and still be flexible.
About Me
- Ayaaz Khan
- I have join IT industry in 2000, and now got 8 year of experience in Microsoft technology from vb 6 to .net 3.5 Currently working as Principal Software Engineer in AOS Pvt. Ltd I have achieved MCTS and PMP certification
9 comments:
I have read Ayaz article and i appreciate his comments especially about SOA testing but i would suggest that ayaz should write somthing about security in SOA and how we will tackle that using SOA?
like somthing about security based service oriented architecture as this would make the base for SOA to be used in ERP and CRM and another interesting topic to listen from him would be itegration of SOA with other arcitectral style like if i have two different project one is following SOA and other is traditional client server or n-tier archtitecture style what would type of risks would be involved in that situition?
another question would be can i introduce my data base as a layer?
i would love to listen ayaz on these question and would like him to share his experience ans knowledge
Its very informative article and I could not agree with you more. And it is the fact that despite of all the progress in IT we still have to use SOA If our client is using hetrogenious OS becasue SOA basically all about XML and we W3C school and IEEE recommends using XML for the hetrogenious OS. Even any system which can read notepad's simple text file can understand the XML.
Security is no longer an Issue becase of the induction of too many certificates etc. Also If we cant afford Certificates then we have the other options too like using different algorithm. And the intigeration of the web services in any kind of existing application is also not a rocket science. There are alot of different practical example in which we are using Services in existing application like weather sevices web services, Quote of the Day web services, Latest Stock exchange rate from Chicago stock exchange etc..
I need some information regarding these:
what is "Security Assertion Markup Languag (SAML)"?
What are XML encryption and XML signature and what are their purpose?
shahid you are not supporting SOA if you again read your comments you clrearly restricted SOA to hetrogeneous OS and for more details please have a look and try to find the % of teches using hetreogeous OS right now i am not concerned about 2025
as for as security is concern i can simply implement SSL or any other certificate but this is wrapper why not my architecture should have these things by default same is answer for your algorithmic solution suggestion think in a broder vision i want my architecture to be secure rather then having patches
my next question was regarding use of SOA for application like ERP and CRM
another was the integration of complete application you are giving me examples from website what about application developed large user data bases having no services exposed therefore i raised the question that can i introduce my db as service
i would love to listen from ayaz
I never restricted SOA to only heterogeneous. I said that if we have heterogeneous OS then we have no option other than SOA, It does not mean that SOA is restricted to heterogeneous. If SOA can address Heterogeneous OS then it is obvious that It should work with homogeneous OS too. Examples can be found any where. Like I can expose my different behavior to clients having same OS. But usually people avoid using SOA for the homogeneous OS. The thumb rule is that use SOA when you don't have any kind of control to the receiving end. If both end of communication are in your control then don't use SOA. Why? because of the performance issue. But when you don't know any thing and don't have control on the other end of the communication then you have to USE SOA and have to compromise on performance.
As for as the security is concerned in application framework rather than injecting some other stuff like SSL and algorithm then in our framework we can use Security Assertion Markup language (SAML), but at the moment no IDE is providing built in feature to secure the services. That is why we have to use Algorithm to secure the SOA.
As for as SOA in CRM and ERP solution are concerned then its answer depends on the architect of CRM. Some CRM are designed in such a way that any kind of web service can be embed in it in no time (i.e. they are just Plug and Play).
I am also waiting for the reply of Ayaz khan.
Well Ahmed thanks for your questions i think the question regarding "SOA security" issue is itself an important topic so i will definitely start a thread for that as well.
Well before say something about integration between SOA and N-Tier i want to clear one thing that basically n-tier architectures are use for large application so that we distribute them on different processes for better performance and scalability. Whereas SOA is not an application architecture it is more likely an enterprise architectural style to reduce redundancy.
SOA doesn't focus on individual application architecture. It focuses on encapsulating discrete functionality into services.
SOA and n-tier architectures have one thing in common they focus on separation of concerns. Now come to your question about integration between n-tier and SOA so i will give you an example , lets assume we have 3-tier architecture PL=presentation layer, BL= business logic layer and DL = Data access layer) now as our BL play a major role to full fill clients and other systems demand. This architecture work fine but if you start to work BL for remote invocation then your performance will die. So to overcome this problem we will need to introduce a new layer. First you have to change your layers so that they behave like services and called Entities (or something else if you prefer ) and copy all the classes of your BL that are part of the domain model to it. Next, remove all methods from those classes.
So, you now know how to get data to your service, but its still a layer. So lets change the layer to a service. A service has a single point of entry, allowing only method calls. I think it is simple isn't it :)
The Service Oriented Architecture (SOA) builds on top of the 3TA and addresses its shortcomings. SOA looks the application silos as set of services. Services implement some kind of functionality and are used by applications and other services. Services communicate between each other and with applications by exchanging XML documents.
Comparing SOA to 3TA, SOA applications correspond to the 3TA presentation layer, while SOA services correspond to the 3TA business logic and data layers.
With SOA, all the complexity of the system is encapsulated in coarse grained services and applications are kept extremely simple. In fact, the only concern of applications is to display XML data they get from services and to send XML data to services based on user input.
SOA completely separate the presentation layer from other layers.
SOA break down the other layers in coarse grained functionality to make services.
Services exchange XML document to communicate with other application or srevices
so as per your comments it seems that i have to change my n-tier architecture with the induction of new layer called services else i can not integrate it with my application based upon services oriented architecture correct me if i am wrong
hey... i really liked ur blog,.. its quite informative...
i wud like to discuss some issues im having ... can i have ur contact email address where i can reach u???
u can mail me at farahsaeed04@hotmail.com...
looking forward for your response.
Post a Comment