5
IBM SOA Architect Summit
Managing and Monitoring
your SOA Environment
A Presentation for the
Enterprise Architect
© 2006 IBM Corporation
IBM SOA Architect Summit
Agenda
 IT Service Management
 Management Touch Points in an
SOA Reference Architecture
 Managing SOA by Managing the
Layers of Abstraction in an SOA
IT Architecture
 Mapping to the IBM Products
3
SOA on your terms and our expertise
IBM SOA Architect Summit
Current State of IT Management
More than 70% of
IT budgets are
currently devoted to
the maintenance
and operations of
existing applications
and systems.
The Yankee Group,
3/05
4
SOA on your terms and our expertise
IBM SOA Architect Summit
Managing Cost and Responsiveness Across IT Silos
Composite Applications Introduce Management Challenges
Desktop
Experts
and Tools
Network
Experts
and Tools
Application
Experts and
Tools
Database
Experts
and Tools
Server
Experts
and Tools
Mainframe
Experts
and Tools
Storage
Experts
and Tools
Availability
Management
Change
Management
www
Security
Management
Information Lifecycle
Management
Labor Cost
Service Level
Management
Release Management
Sense
Existing State
Desired State Through Process Automation
5
SOA on your terms and our expertise
Isolate
Diagnose
Take
Action
Evaluate
Time
IBM SOA Architect Summit
IBM IT Service Management
Built on the SOA Foundation
IBM IT Service Management
IT CRM &
Business
Management
Service
Delivery
& Support
Service
Deployment
Information
Management
Business
Resilience
IT Process
Management Products
Change and Configuration
Management Database
IT Service
Management Platform
IT Operational
Management Products
Best Practices
6
Business
Application
Management
SOA on your terms and our expertise
Server, Network
and Device
Management
Storage
Management
Security
Management
IBM SOA Architect Summit
The SOA Lifecycle
 Discover
 Construct & Test
 Compose
 Integrate people
 Integrate processes
 Manage and integrate
information
 Gather requirements
 Model & Simulate
 Design
 Financial transparency
 Business/IT alignment
 Process control
7
SOA on your terms and our expertise
 Manage applications &
services
 Manage identity & compliance
 Monitor business metrics
IBM SOA Architect Summit
SOA Exposes New Management Pains in Application Lifecycle
Model
Assemble
“I need a service, does it
exist?”
“How can I debug my
production application
without reproducing the
problem?”
“I now have to write a
service – how do I make
sure it works securely
with other services I’m
dependent on?”
8
Deploy
“Some of our services are
used by our partners? How
can I be sure they are
meeting their SLAs?”
“Before I deploy it in
production, how can I be
sure that the service flow
matches the design?”
“Does my new SOA
application meet it
performance goals?”
SOA on your terms and our expertise
Manage
“Which part of the SOA
infrastructure is causing
this service problem? The
app server or the
messaging connections?”
“What’s the root-cause of
this service problem – the
BPEL service flow or the
application?”
IBM SOA Architect Summit
The SOA Management Challenge:
Treat Services as Managed Resources
 Services should be treated as a manageable resources within the
context of systems management
 Traditional disciplines apply so that each service:
–
–
–
–
–
Has a Service Level or Quality of Service associated with it
Can be secured and audited
Can be deployed and configured
Can be monitored and optimized
Can be versioned and deprecated
 Services are subject to ITIL processes for Service Delivery and
Service Support
– Change, Configuration, Availability, Release, etc.
9
SOA on your terms and our expertise
IBM SOA Architect Summit
Why Is SOA Different?
Service
Requestor
Quality of
Service
Service
Capacity
Performance
 What differentiates a
service-oriented
approach are the
service characteristics
Security
Service Provider
 A service not only has a set of calls and responses, it has many other
characteristics: performance, availability, capacity, quality of service and security
 SOA is not only about exposing how you can call a service but also defining a
set of characteristics for how these calls will be serviced:
–
–
–
–
–
–
10
how fast they should respond
when will they be available
who may make various calls
how many calls you can make in a certain period of time
what calls need to be logged
how should calls be routed
SOA on your terms and our expertise
IBM SOA Architect Summit
SOA Reference Architecture
Supporting The SOA Lifecycle
Business
Innovationautomation
& Optimization
Services
Provides
of IT
processes
Process Services
Information Services
Enables collaboration
between people,
processes & information
Orchestrate and
automate business
processes
Manages diverse
data and content in a
unified manner
Provides core monitoring
Exposes metrics in terms of service
agreements
between
Facilitateslevel
communication
services
ESB between
consumers and providers
Partner Services
Connect with trading
partners
Centralizes
security
management
Business App
Services
Access Services
Build on a robust,
Federation
ofand
identities
scaleable,
secure
services environment
Facilitates interactions
with existing information
and application assets
In conjunction with ESB, can also
provide
enforcement of SLAs
Infrastructure Services
Optimizes throughput,
availability and performance
11
SOA on your terms and our expertise
Apps &
Info Assets
Development
Services
Integrated
environment
for design
and creation
of solution
assets
Interaction Services
IT Service
Management
Facilitates better decision-making
(ITIL-based)
andinformation
tasks (technologywith real-time business
based)
Manage
and secure
services,
applications
&
resources
IBM SOA Architect Summit
SOA Reference Architecture
Supporting The SOA Lifecycle
Business Innovation & Optimization Services
Interaction Services
Process Services
Information Services
Enables collaboration
between people,
processes & information
Orchestrate and
automate business
processes
Manages diverse
data and content in a
unified manner
Provides monitoring and management
at business process level
Facilitates communication
Partner Services
ESB
between services
Business App Services
Build on a robust,
scaleable, and secure
services environment
Connect with trading
partners
Infrastructure Services
Optimizes throughput,
availability and performance
12
SOA on your terms and our expertise
Access Services
Facilitates interactions
with existing information
and application assets
Apps &
Info Assets
Integrated
environment
for design
and creation
of solution
assets
IT Service
Management
Development
Services
Facilitates better decision-making
with real-time business information
Manage
and secure
services,
applications
&
resources
IBM SOA Architect Summit
SOA Reference Architecture
Supporting The SOA Lifecycle
Integrated
environment
for design
and creation
of solution
assets
Interaction Services
Process Services
Enables collaboration
between people,
processes & information
Orchestrate and
Provides feedbackautomate
to
application
business
processes
support, test and design tools
Manages diverse
data and content in a
unified manner
Provides
access to operational
Facilitates communication ESB between services
data
Partner Services
Business App Services
Build on a robust,
scaleable, and secure
services environment
Connect with trading
partners
Infrastructure Services
Optimizes throughput,
availability and performance
13
Information Services
SOA on your terms and our expertise
Access Services
Facilitates interactions
with existing information
and application assets
IT Service
Management
Facilitates better decision-making
with real-time business information
Apps &
Info Assets
Development
Services
Business Innovation & Optimization Services
Manage
and secure
services,
applications
&
resources
IBM SOA Architect Summit
Requirements for SOA Management
B2B
Services
atomic and composite
Service Provider
Service Components
Packaged
Application
Operational Systems
Atomic Service
14
SOA on your terms and our expertise
Custom
Application
Composite Service
OO
Application
Registry
Governance
Composition; choreography;
business state machines
Data Architecture (meta-data) &
Business Intelligence
Business Process
QoS Layer (Security, Management &
Monitoring Infrastructure Services)
Integration (Enterprise Service Bus)
Service Consumer
Channel
Consumers
IBM SOA Architect Summit
Requirements for SOA Management
Business Process Monitoring: Monitor state of
business processes
B2B
Services
atomic and composite
Service Provider
Service Components
Packaged
Application
Operational Systems
Atomic Service
15
SOA on your terms and our expertise
Custom
Application
Composite Service
OO
Application
Registry
Governance
Composition; choreography;
business state machines
Data Architecture (meta-data) &
Business Intelligence
Business Process
QoS Layer (Security, Management &
Monitoring Infrastructure Services)
Integration (Enterprise Service Bus)
Service Consumer
Channel
Consumers
IBM SOA Architect Summit
Business Process Monitoring
 Report on business performance
measured against targets (scorecard)
– Share growth and new product revenue
 Track business process flow
– Status of particular insurance claim
– Bottlenecks due to human tasks
 Monitor business process metrics
– Duration, cost, branch ratios
 Business Analysis through aggregation
and multidimensional reporting
– Total monthly revenue by customer
16
SOA on your terms and our expertise
IBM SOA Architect Summit
Requirements for SOA Management
Services Management: Discover, monitor, secure
and manage services to meet SLAs
B2B
Services
atomic and composite
Service Provider
Service Components
Packaged
Application
Operational Systems
Atomic Service
17
SOA on your terms and our expertise
Custom
Application
Composite Service
OO
Application
Registry
Governance
Composition; choreography;
business state machines
Data Architecture (meta-data) &
Business Intelligence
Business Process
QoS Layer (Security, Management &
Monitoring Infrastructure Services)
Integration (Enterprise Service Bus)
Service Consumer
Channel
Consumers
IBM SOA Architect Summit
Services Management
Lifecycle Support for Web Services
To ensure service levels
conform to agreed upon
specifications, you need:
IT Operations
“Don’t give me
another console”
– Views and analysis of Web service
interactions for IT Operations to
quickly identify source of errors,
and take corrective action through
situations, workflow and mediations
– Detailed views of operational
SOAP/XML message content, flow
patterns and topology for Web
services experts and support teams
– Highly performing and flexible
enforcement points
18
SOA on your terms and our expertise
Web Services Expert
“Show me the
service details!”
IBM SOA Architect Summit
Enterprise Service Bus and SOA Management
Management tools naturally
target ESBs as enforcement
endpoints:
NEW Check
Traveler
Service
Travel
Reservation
Process
 To perform Routing of
messages based on system
capacity, Quality of Service,
and SLAs
 Leverage Conversion and
Transformation capabilities
to comply with policy
 Centralize Handling of IT
events related to Services
SOA on your terms and our expertise
Book Flight
Service
Service Management Leveraging the ESB
Enterprise Service Bus
Hotel
Availability
Service
NEW Flight
Availability
Service
19
Check Credit
Service
Flight
Availability
Service
Book Hotel
Service
OLD Flight
Availability
Service
Book Car
Service
IBM SOA Architect Summit
A Continuation of IBM’s Commitment to SOA and Simplicity
An SOA Appliance…
 Simplifies SOA with specialized devices
 Accelerates SOA with faster XML throughput
 Helps protect SOA XML implementations
IBM is re-defining the boundaries of middleware extending the
SOA Foundation with specialized, consumable, dedicated
SOA appliances that combine superior performance and
hardened security for SOA implementations
20
SOA on your terms and our expertise
IBM SOA Architect Summit
Logical Elements of an SOA Management Solution
Web
Services
Web
Services
Security
PEP
Application Server
Container
PEP
Container
PEP
Integration
PEP
Service
Requestor
Services
Management
Services
Registry &
Repository
Identity and Access
Management
Enterprise Auditing and Data Warehousing
Systems Management Portal and Service Level Reporting
21
SOA on your terms and our expertise
Enterprise
Identity
Directory
CICS/
IMS/
DB2
IBM SOA Architect Summit
Requirements for SOA Management
Manage Transaction Performance: Measure transaction
response times to discover bottlenecks, isolate infrastructure
B2B
Services
atomic and composite
Service Provider
Service Components
Packaged
Application
Operational Systems
Atomic Service
22
SOA on your terms and our expertise
Custom
Application
Composite Service
OO
Application
Registry
Governance
Composition; choreography;
business state machines
Data Architecture (meta-data) &
Business Intelligence
Business Process
QoS Layer (Security, Management &
Monitoring Infrastructure Services)
Integration (Enterprise Service Bus)
Service Consumer
Channel
Consumers
IBM SOA Architect Summit
Manage Transaction Performance
Provide Key Response Time Metrics Across Platforms
 Customers find it very difficult to
identify and isolate performance
bottlenecks in composite
applications that span technology
and platform boundaries
 Need to provide performance
instrumentation that is lightweight
and can be dynamically
configured to identify problems
before customers call
ITCAM for Response Time Tracking
ITCAM for WebSphere
 ARM-based instrumentation is the
industry standard that can be
leveraged to isolate the problem
23
SOA on your terms and our expertise
IBM SOA Architect Summit
Requirements for SOA Management
Manage the Infrastructure: Deep dives into specific
resources
B2B
Services
atomic and composite
Service Provider
Service Components
Packaged
Application
Operational Systems
Atomic Service
24
SOA on your terms and our expertise
Custom
Application
Composite Service
OO
Application
Registry
Governance
Composition; choreography;
business state machines
Data Architecture (meta-data) &
Business Intelligence
Business Process
QoS Layer (Security, Management &
Monitoring Infrastructure Services)
Integration (Enterprise Service Bus)
Service Consumer
Channel
Consumers
IBM SOA Architect Summit
Manage Supporting Middleware
Comprehensive Deep-dive Monitoring
 Identify and quickly correct applications
that are down or performing slowly
 Need to provide comprehensive
in-flight transaction display that includes
the name of the hung class/method
 Introspect messaging and brokering
subsystem for real-time metrics and
historical data analysis
 This can significantly improve
the performance and availability
of J2EE applications by reducing
problem identification and
resolution time
25
SOA on your terms and our expertise
IT Operations
Subject Matter Expert
J2EE Applications
Messaging Infrastructure
IBM SOA Architect Summit
Manage Service Levels
Enterprise-wide Reporting on Service Level Compliance
 Need to define reports on a
customer basis
 Report on compliance to service
levels and service level
agreements
 Represent all aspects of service
level performance, from business
process layer to IT infrastructure
 Perform trending analysis to
predict outages
26
SOA on your terms and our expertise
IBM SOA Architect Summit
A Comprehensive View of SOA Resources
Integrated Console
B2B
atomic and composite
Service Provider
Service Components
Operational Systems
Service
Management
Application
Monitoring
Packaged
Resource
Application
Monitoring
Transaction
Tracking
Custom
Application
Resource
Monitoring
Governance
Services
Data Architecture (meta-data) &
Business Intelligence
Composition; choreography;
business state machines
QoS Layer (Security, Management &
Monitoring Infrastructure Services)
Business Process
Integration (Enterprise Service Bus)
Service Consumer
Channel
Consumers
OO
Application
Integrated Reporting
27
SOA on your terms and our expertise
IBM SOA Architect Summit
Requirements for SOA Management
Integrated Security & Compliance: Identity, Authentication,
Authorization, Auditing and Compliance
B2B
Services
atomic and composite
Service Provider
Service Components
Packaged
Application
Operational Systems
Atomic Service
28
SOA on your terms and our expertise
Custom
Application
Composite Service
OO
Application
Registry
Governance
Composition; choreography;
business state machines
Data Architecture (meta-data) &
Business Intelligence
Business Process
QoS Layer (Security, Management &
Monitoring Infrastructure Services)
Integration (Enterprise Service Bus)
Service Consumer
Channel
Consumers
IBM SOA Architect Summit
SOA Security
What is “Federated Identity Management”?
 Definition
– An “identity federation” is a federation in which identity
management (authentication, access control, auditing, and
provisioning) is distributed between the partners based on
their role within the federation
– An Identity Federation can allow users from one federation
partner to seamlessly access resources from another
partner in a secure and trustworthy manner
 Roles
– End user
– Identity Provider (IdP)
– Service Provider (SP)
 Functions
– Single Sign-On/Sign-Off (including “global” sign-off)
– Provisioning/De-provisioning
– Account Linking/De-linking
29
SOA on your terms and our expertise
IBM SOA Architect Summit
SOA Security – Trust Model
Policy
1. Get Token
Security
Token
Service
Security Token
Policy
Requestor
Claims
Claims
3. Validate Token
Security Token
2. Send
Message
(including token)
Policy
Provider
Security Token
Claims
 Identity Federation and Web Services requires trust
 This trust is based on agreements between partners & expressed as policies
 Trust can be enabled by technology
 Trust requirements expressed as infrastructure policies and requirements
 Security tokens include identity information; Cryptographic keys used to sign Security Tokens
 Technology needs to be standards based
 Standard ways to express and exchange policies that reflect trust relationships
 Agreed token format, information content, signing and encryption methods
30
SOA on your terms and our expertise
IBM SOA Architect Summit
Managing Identities and Access to Cross-company Resources
Third-Party
Access
Partner
Company A
User
Third Party
Business Portal
Employee
Travel
Company B
User
Direct Access
Company D
Company C
Healthcare
Provider
31
Insurance
Provider
SOA on your terms and our expertise
Stock
Options
 Enable companies to
manage “users” or “identities”
that are now under their control,
reducing high identity
management costs
 Enable users to easily
navigate between Web sites
while maintaining a single
login identity, improving user
experience
 Provide companies with a
common way to network
identities between different
companies or between
applications, simplifying
service integration
IBM SOA Architect Summit
Logical Elements of SOA Security
Web
Services
Web
Services
Security
PEP
Application Server
JAAS/
JACC
WSSM
Service
Requestor
ws-trust
Line of Business
Security
Risk Assurance
Network Operations
Policy
Management
Integration
PEP
Trust
Management
(FIM)
ws-trust
Identity and Access
Management
Enterprise Auditing and Data Warehousing
Systems Management Portal and Service Level Reporting
32
SOA on your terms and our expertise
Enterprise
Directory
CICS/
IMS/
DB2
IBM SOA Architect Summit
Addressing the Identity Integration Issue
Capabilities of a Complete Federated Identity Solution
Federated User Experience
Federated User
Lifecycle Management
Partner enrollment/De-enrollment
Partner Provisioning/De-Provisioning of identity accounts
Partner User Registration
Web Services Security
Management
Authentication for service access
Service access control
Seamless integration of disparate applications
Trust Management
Platform
33
Federation Introduction/Termination
Federated Single Sign On, Single Sign Off
Session Management
Integration with Identity and Access Management
Integration with middleware platforms
SOA on your terms and our expertise
Partner Key Management
Trust Service, Security Token Service
Identity and Authorization Services
IBM SOA Architect Summit
Mapping to the IBM Products
WebSphere Business
Monitor
Tivoli Federated
Identity Manager
Tivoli ITSM Process Managers
Business Innovation & Optimization Services
Integrated
environment
for design
and creation
of solution
assets
Process Services
Information Services
Enables collaboration
between people,
processes & information
Orchestrate and
automate business
processes
Manages diverse data
in a unified manner
Facilitates communication
Partner Services
IT Service
Management
Interaction Services
Connect with trading
partners
ESB between services
Business App Services
Build on a robust,
scaleable, and secure
services environment
Infrastructure Services
Optimizes throughput, availability
and performance
WebSphere DataPower
SOA Appliance
34
Tivoli Service Level
Advisor
SOA on your terms and our expertise
Access Services
Facilitates interactions
with existing information
and application assets
Apps &
Info Assets
Development
Services
Facilitates better decision-making with
real-time business information
Manage and
secure
services,
applications
&
resources
Tivoli Composite
Application Managers
Tivoli OMEGAMON
XE for Messaging
IBM SOA Architect Summit
Thai
Hindi
Traditional Chinese
Gracias
Spanish
Russian
Thank You
Obrigado
Brazilian Portuguese
Arabic
Grazie
Danke
German
Italian
Merci
French
Tamil
Simplified Chinese
Korean
Japanese
35
SOA on your terms and our expertise
5