FMEA-technique of Web Services Analysis and Dependability Ensuring

Upload: marvin-griffith

Post on 11-Jan-2016


Page 1: FMEA-technique of Web Services Analysis and Dependability Ensuring Anatoliy Gorbenko Vyacheslav Kharchenko Olga Tarasyuk National Aerospace University

FMEA-technique of Web Services Analysis and Dependability Ensuring

Anatoliy Gorbenko, Vyacheslav Kharchenko, Olga Tarasyuk

National Aerospace University "KhAI", Ukraine

Department of Computer Systems and Networks

Page 2:

CONTENT

1. Introduction
   Web Services Technologies;
   Purpose & Tasks of the Paper

2. Analysis of the Web Services by using FMEA-technique
   Web Services component architectures
   Web Services Failure Taxonomy
   FMEA-tables & results of Web Services analysis

3. Ensuring Web Services dependability and fault-tolerance
   Failure effect recovery
   Failure prevention
   Fault-tolerance & Web Service Diversity
   Fault removal

4. Dependable Web Services development and deployment
   Using FMEA-technique for dependable Web Services development
   The principles of dependable and secure Web Services deployment
   Implementation

5. Conclusion

Page 3:

1. Introduction (1)

Web Services Technologies

[Figure labels: User; WSDL; Web Service; Global UDDI Registry; Register the Web Service; Discover the Web Service; SOAP Messaging over HTTP; Invoke the Web Service; Internet/Intranet; Web Service's Response]

Web Service Description:

    ...
    <service name="Ws1">
      <soap:address location="http://aria.xai12.ai:8080/ws1/ws1" ...
    </service>
    <operation name="sayHi">
      <input> ... </input>
      <output> ... </output>
    </operation>
    ...

Page 4:

1. Introduction (2)

Web Services are now extensively used in developing various business-critical applications:

   distributed banking systems & Internet auctions;
   hotel/car/flight/train reservation and booking;
   e-commerce, e-business, e-science, etc.

Web Services dependability attributes:

   Availability and Reliability;
   Performance/responsiveness;
   Security, etc.

Analysing and ensuring dependability in this architecture is an emerging area of research and development.

Page 5:

1. Introduction (3)

The purpose of this report is the application of the FMEA (Failure Modes and Effects Analysis) technique to Web Services analysis and dependability ensuring.

The tasks of the report are:

   Analysis of Web Services failure modes and causes;
   Analysis of the effect of Web Services failures on the system, components and end users;
   Determination of the means for ensuring dependability:
      Failure prevention;
      Fault-tolerance and failure effect recovery;
      Fault removal.

Page 6:

2. Analysis of the Web Services by Using FMEA-technique

The use of the FMEA-technique for the Web Services analysis includes:

   Web Services decomposition into component parts;
   Identification of the typical failures;
   Analysis of their influence on the Web Services dependability;
   Determination of the necessary means for fault-tolerance and failure effect recovery.

The FMEA-technique may be an important part of a Web Services dependability guaranteeing program.

Page 7:

Web Services component architectures (1)

1. All components in the same host

[Figure: one host. Hardware Environment; Software Environment: Operating System, Web Server, Application Server, Servlets, DBMS, Data Base, Stored procedures]

Web Services Components

1. Hardware Environment;
2. Software Environment:
   2.1. Operating System;
   2.2. System SW:
      2.2.1. Web Server;
      2.2.2. Application Server;
      2.2.3. DBMS;
   2.3. Application SW:
      2.3.1. Servlets;
      2.3.2. Stored procedures & triggers.

Page 8:

Web Services component architectures (2)

2. Fully separated component architecture

[Figure: three hosts. Web Server: Operating System, Web Server. App Server: Operating System, Application Server, Servlets. Database Server: Operating System, DBMS, Data Base, Stored procedures]

Web Services Components

1. Hardware Environment;
2. Software Environment:
   2.1. Operating System;
   2.2. System SW:
      2.2.1. Web Server;
      2.2.2. App Server;
      2.2.3. DBMS;
   2.3. Application SW:
      2.3.1. Servlets;
      2.3.2. Stored proc. & triggers.

Page 9:

Web Services component architectures (3)

3. Partially separated component architecture

[Figure: two hosts. Web&App Server: Operating System, Web Server, Application Server, Servlets. Database Server: Operating System, DBMS, Data Base, Stored procedures]

Web Services Components

1. Hardware Environment;
2. Software Environment:
   2.1. Operating System;
   2.2. System SW:
      2.2.1. Web Server;
      2.2.2. App Server;
      2.2.3. DBMS;
   2.3. Application SW:
      2.3.1. Servlets;
      2.3.2. Stored proc. & triggers.

Page 10:

Web Services Failure Taxonomy

[Figure: failure specification attributes and the failure modes of each]

   Failure domain: Hardware (HW) environment; Software (SW) environment: Operating System (OS); System services (Web-server, App Server, DBMS); Application software (servlets); DB stored procedures and triggers
   Failure dependence: Environment-dependent failures; Application-specific failures
   Stability of occurrence: Transient (Accidental); Permanent
   Failure evidence: Non-evident; Evident
   Influence on operability: No influence; Interruption; Termination

Page 11:

Hardware failures modes and effects analysis

Page 12:

Compressed Format of FMEA-Tables

EquivalentCommonBus

Page 13:

Software failures modes and effects analysis

Page 14:

Results of Web Services failures modes and effects analysis

Several failure modes can lead to prolonged or short-term service aborting, which affects users as a denial of service.

Some failures result in a non-evident incorrect service, which is more dramatic for many applications (e-commerce, critical automation control, etc.) because it will entail serious consequences, financial loss and, finally, service discrediting.

The prevalent sources of Web Services failures are the different software components.

Page 15:

3. Ensuring Web Services Dependability and Fault-Tolerance

[Figure: criteria of failures specification related to dependability ensuring means]

   CRITERIA OF FAILURES SPECIFICATION: Failure causes; Failure evidence; Stability of occurrence; Failure domain; Failure effect; Dependence
   DEPENDABILITY ENSURING MEANS: Failure effect recovery; Failure prevention; Fault-tolerance; Fault removal

Page 16:

Failure effect recovery

1) replacement of crashed hardware components;
2) reinstallation of crashed software components;
3) data recovery;
4) system rebooting or restarting of the particular software services*.

* System rebooting and restarting of the particular software services and applications can be performed in automatic mode with the help of hardware- or software-implemented watchdog timers to achieve better availability.

Page 17:

Failure prevention

1) quality control techniques employed during the design of the in-house developed application software;
2) procedures for input parameter checking;
3) rigorous procedures for system maintenance and administration;
4) firewalls, security guards and scanners to prevent malicious failures;
5) software rejuvenation based on forced restarting/reinitialization of the SW components.

NOTE: The service publisher has limited means for failure effect prevention because most of the HW and SW components of the Web Service are COTS (commercial off-the-shelf) components developed by third parties.

Page 18:

Fault-tolerance (1)

[Table: fault-tolerant means for each failure mode. Columns: Failure domain; Stability of Occurrence; Failure Evidence; Fault-tolerant means]

   Failure domain: Hardware environment; Software environment; Application Software
   Stability of occurrence: Permanent; Transient (Accidental)
   Failure evidence: Evident; Non-evident
   Fault-tolerant means: Partial HW redundancy; Complete HW redundancy; HW diversity; SW replication or diversity; Operation retry; Replication of the System SW; Diversity of the System SW; Complete HW redundancy or diversity; Application-specific exceptions handling; Diversity of the Application SW

Page 19:

Fault-tolerance (2)

Diversity is one of the most efficient methods for Web Services fault-tolerance provision.

Diversity of Web Services can be used for: Hardware platform; Operating Systems; Web & Application Servers; DBMS and, finally, for Application Software.

It can be applied both separately and in many various combinations.
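
An added example (not from the slides) of how diverse replicas can be combined in middleware: "operation retry" handles transient evident failures, and majority voting masks and diagnoses a non-evident failure, as the conclusion asks. The replica functions, exception classes and request fields are hypothetical, constructed for illustration.

```python
from collections import Counter

class EvidentFailure(Exception):
    """The replica itself reported the failure (exception, fault, timeout)."""

class NoMajority(Exception):
    """Too few agreeing replicas: the failure cannot be masked by voting."""

def call_with_retry(replica, request, retries):
    """Operation retry: re-invoke a replica after an evident failure."""
    for _ in range(retries + 1):
        try:
            return True, replica(request)
        except EvidentFailure:
            continue
    return False, None

def invoke_diverse(replicas, request, retries=1):
    """Call every diverse replica, vote, and diagnose each replica.
    Returns (value, diagnosis); diagnosis maps replica name to
    'ok', 'evident' or 'non-evident'. Responses must be hashable.
    """
    answers, diagnosis = {}, {}
    for name, replica in replicas.items():
        ok, value = call_with_retry(replica, request, retries)
        if ok:
            answers[name] = value
        else:
            diagnosis[name] = "evident"
    ranked = Counter(answers.values()).most_common(1)
    # Demand a strict majority of all configured replicas, not only of
    # those that answered, so a lone surviving answer is never trusted.
    if not ranked or ranked[0][1] * 2 <= len(replicas):
        raise NoMajority(diagnosis)
    value = ranked[0][0]
    for name, answer in answers.items():
        diagnosis[name] = "ok" if answer == value else "non-evident"
    return value, diagnosis

def build_replicas():
    """Constructed stand-ins for three diverse implementations of one service."""
    state = {"calls": 0}

    def ws_a(req):
        return req["price"] * req["qty"]

    def ws_b(req):  # transient, evident: the first call fails, then recovers
        state["calls"] += 1
        if state["calls"] == 1:
            raise EvidentFailure("HTTP 503")
        return req["price"] * req["qty"]

    def ws_c(req):  # permanent, non-evident: silently returns a wrong total
        return req["price"]

    return {"ws_a": ws_a, "ws_b": ws_b, "ws_c": ws_c}

if __name__ == "__main__":
    print(invoke_diverse(build_replicas(), {"price": 25, "qty": 4}))
```

With retries disabled the same request raises NoMajority, because only one correct answer is left to vote against the silently wrong one.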


Page 20:

Fault Removal

Fault removal of the Web Services is based, first of all, on the systematic application of updates and patches for hardware (microcode updates) and for software developed by third parties (OS, drivers, web and application servers, DBMS).

Fault removal from the in-house developed application software is performed both during the development phase and during maintenance.

Page 21:

4. Dependable Web Services Development and Deployment

Using FMEA-technique for Dependable Web Services Development

[Figure: General scheme of Web Services FMEA-analysis and dependability ensuring. Labels: Web Service; FMEA Tables (Common, Detailed); Means for Fault-Tolerance and Dependability Ensuring (Existed, Additional); Updating; System Requirements]

Page 22:

[Figure: Detailed scheme of Web Services FMEA-analysis and dependability ensuring. Labels: Servlets, DB triggers and stored procedures; HW/SW Environment Architecture; HW/SW Environment Specification; Business Logic; Failures criticality (cost) and probability analysis; Analysis of cost, effectiveness and compatibility of different means; Risk analysis, optimization and choice; Updating of the HW/SW architecture, environment specification and business logic; Web Service Application Software; Common FMEA-tables; Detailed FMEA-tables; Set of means for fault-tolerance provision]

Page 23:

The principles of Dependable and Secure Web Services Deployment

1. Defence in Depth and Diversity (DD&D).

2. Adaptability and Update (A&U).

Page 24:

Defence in Depth and Diversity (DD&D) Principle

The DD&D principle provides:

1) joint usage of existing security and fault-tolerance facilities at the different levels of the Web Service architecture (Defence in Depth);

2) use of Diversity at the different levels of the Web Service architecture (HW platform, OS, System and Application SW, etc.).

Here, the compatibility between different facilities and diversity modes must be taken into account.

Page 25:

Adaptability and update (A&U) principle

The essence of this principle is the dynamic changing of the Web Service architecture and diversity mode according to observed failures and intrusions (Adaptability).

For that, intelligent monitors can be used:

   to detect failures and intrusions;
   to analyse their modes, effects and causes;
   to choose the better Web Service configuration.

These means can include external alarm services that automatically notify about recent Internet security vulnerabilities and novel viruses, and distribute security updates and patches (Update).

Page 26:

Implementation (1)

[Figure: Architecture of dependable Web Services upgrading. Labels: User (Service requester); UDDI Registry; WSDL; Composite Web Service; WS Upgrading Environment; Upgrading Middleware; Monitoring Tool; Management Tool; Data Base; Web-Service 1.0 (Old); Web-Service 1.1 (New); Third-party Web Services]

A. Gorbenko, V. Kharchenko, P. Popov, A. Romanovsky, A. Boyarchuk. Development of Dependable Web Services out of Undependable Web Components. CS-TR: 863, School of Computing Science, University of Newcastle upon Tyne, UK, Oct 2004, 36 pages.

Page 27:

Implementation (2)

[Figure: Architecture of dependable and Secure WSs Deployment. Labels: User (Service requester); UDDI Registry; WSDL; Composite Web Service; Dependable Middleware; Service resolver; Diversity Configuration Management; Monitoring Tool; Management Tool; Data Base; FMEA-tables; Set of means for fault-tolerance provision; External alarm services; Diverse Web Services (Web-Service 1 ... Web-Service N); Configuration Agent; Setting the variant of OS, Web&App Servers, DBMS]

Page 28:

5. Conclusion (1)

1. Publishers of Web Services have limited possibilities for fault prevention and fault removal in most Web Services components, which are developed by third parties.

=> Thus, redundancy in combination with diversity is one of the basic means of dependability ensuring and fault tolerance provision.

2. However, using diversity in the Web Service architecture requires detailed research and additional solutions, because it can lead to additional security violations.

Page 29:

5. Conclusion (2)

3. Non-evident failures are the most critical for the majority of Web Services application areas.

4. Additional adaptive reliable algorithms and means of voting and failure diagnosis must be implemented to ensure tolerance to non-evident failures and to prevent loss of the processed (in-service) requests.

Page 30:

5. Conclusion (3)

5. FMEA-tables may be dynamically updated during Web Service operation. Jointly with implementation of the DD&D and A&U principles, this will increase the effectiveness of the means used for dependability ensuring.

6. The analysis performed can be extended by taking into account the lack of required resources or services and service unavailability due to network failures. Besides, the critical analysis of different failure modes can be performed.