service oriented architecture and cloud computing:and

Service Oriented Architecture and Cloud Computing:and Cloud Computing: Potential and Cautions for Navy Adoption

Dennis SmithResearch, Technology and Systems Solutions (RTSS) ProgramSystem of Systems Practice (SoSP) Initiative

CNO SSG C t TCNO SSG Concept Team9 February, 2011

© 2011 Carnegie Mellon University

Agenda

Purpose

Service orientationService orientation

Cloud computing

Conclusion

2

SOA and Cloud ComputingCNO 9 February, 2011© 2011 Carnegie Mellon University

Purpose

Provide an overview of service orientation and cloud computing• Identify the core concepts of the two technologies• Identify the potential impact of adoption• Present limitations and engineering tradeoffs of each approach

3


Agenda

Purpose


Cloud computing

Conclusion

4


Service Orientation

Service orientation has become a common approach for implementation of distributed, loosely-coupled systems• Services provide reusable business functionality via well-defined interfaces.• Service consumers are built using functionality from available services.• There is a clear separation between service interface and service

implementation.– Service interface is just as important as service implementation.

• An SOA infrastructure enables discovery, composition, and invocation of services.

• Protocols are predominantly, but not exclusively, message-based document exchanges.

5


Services

Services are reusable components that represent mission or business tasks.• Customer lookup• Terrain• WeatherWeather• Credit card validation

Services can beGlobally distributed across organizations• Globally distributed across organizations

• Reconfigured into new mission or business processes

Service interface definitions are well defined firstService interface definitions are well-defined first-class artifacts available in some form of service registry.

6


Components of a Service-Oriented System

End User Application Portal

Internal System

Service

External Consumer

SOA Infrastructure Internet

Consumers

DiscoverySecurity

Infrastructure

Data Transformation

Service A

Service B

Service C

Service D

Service Interfaces

Enterprise Information System

External System

Internal Users

Legacy or New Service Code Service

Implementation

7


Benefits Associated with Service OrientationOrientationCost-Efficiency• Services provide functionality that can be reused many times by manyServices provide functionality that can be reused many times by many

consumers• Services become a single point of maintenance and management for

common functionalityAgility• Through service discovery mechanisms, developers can find and take

advantage of existing services to reduce development times Legacy Leverage• Separation of service interface from service implementation provides true

platform independencep pAdaptability• Separation of service interface from service implementation allows for

incremental deployment of services and incremental modernization

8


p y

Tradeoffs

Security• Breaking systems into services, service consumers, and infrastructure

components increase the attack surface of a system• Using a SOA-based system to enable inter-organizational functionality

exposes organizations to threats that were previously hid by the firewallPerformance• SOA infrastructure adds agility, reusability, and adaptability but is costly in

performance• Compensating for increased security requirements also impacts performance

9


Common Misconceptions About SOA

1. SOA provides the complete architecture for a system2 All legacy systems can be easily integrated into an SOA2. All legacy systems can be easily integrated into an SOA

environment3. SOA is all about standards and standards are all that is

neededneeded4. The use of standards guarantees interoperability in an SOA

environment5 SOA i ll b t t h l5. SOA is all about technology6. It is very easy to develop applications based on services7. Testing service-oriented systems is no different than testing

any other type of system8. Everything in a service-oriented system has to be a service

10


What Has Worked Well in SOA Implementations?Implementations?

StandardizationLoose coupling Strategic service identificationService discovery mechanismsyGovernance

11


Standardization

Even though there are multiple ways to implement service-oriented systems, the most common implementation is based onmost common implementation is based on WS* Web Services

Benefits• Interoperability: standard interfaces to

heterogeneous technologies• Tool support• Enablement of other aspects of service-

oriented systems: discovery, composition, etcU f thi d t i• Usage of third-party services

• Potential for shorter development times– All you need to know to use a service is

th

12


there

Loose Coupling

Different architectural patterns emphasize different forms of loose coupling — however, there is always some form of coupling• Data centric — data model• Data centric data model• Event driven — events and event mechanism• Service orientation — interfaces and communication mechanisms

Two forms of loose coupling in service orientationTwo forms of loose coupling in service orientation• Between provider and consumer

– Service provider and consumer know as little as possible about each other– SOA infrastructure mediates a lot of the differences between providers and

consumers– SOA infrastructure also provides centralization of support for key quality

attributesattributes• Between interface and implementation

– Service locationS i i l t ti t h l i

13


– Service implementation technologies

What Has Not Been Solved With Service Orientation ?Orientation ?Multi-organizational SOA implementations, e.g.

Di t ib t d d l t t k• Distributed development tasks, e.g. assurance• Multi-organizational concerns, e.g. trust, federation, security

Standardization on how to specify quality attributes• Key for service discovery and SLA management and monitoring

Support for interoperability at higher levels• Above syntactic: semantic and process interoperability

Automation of service discovery• Many efforts, but still not widely used

14


Selected Challenges for DoD SOA ImplementationsImplementations

DoD Vision and Needs SOA Technology State of the Practice

Highly adaptable to changes in Design for Context No agreement on how to g y p gthe environment

gAwareness

grepresent context. No real implementation of contextual service discovery mechanisms.

Highly configurable to deal with Design for Runtime No standard for semantics ToolHighly configurable to deal with multiple deployment choices

Design for Runtime Discovery and Composition

No standard for semantics. Tool support is very weak. No relevant examples of large-scale use.

Highly secure due to potentiallyl ifi d t t d li i

Securing SOA I f t t d

Federated identity management, it li i d liclassified content and malicious

attacksInfrastructures and Services

security policies and policy enforcement, and trust establishment and trust brokering in SOA environments are all active

f hareas of research.Highly reliable and precise in a mission-critical context

Real-Time SOA Current, widely-used SOA implementation technologies do not meet real-time requirements.

15


q

So What Is Different?

There is nothing conceptually new, but it has brought together existing technologies and good practices in a way that works.g g p y• More aligned with mission and business

– Services represent coarse-grained reusable mission and business tasks• Backed by industryBacked by industry• Standards-based• Greater degree of rigor in interface specifications

Truly loosely coupled• Truly loosely-coupled– In most cases, there is no need for consumers to install specific components– Platform-independent

• What is behind the interface is irrelevant to the consumer• Philosophy or paradigm as opposed to a set of technologies

16


Agenda

Purpose


Cloud computing

Conclusion

17


Cloud Computing

“A large-scale distributed computing paradigm that is driven by economies of scale, in which a pool of abstracted, virtualized, dynamically-scalable, managed computing power, storage, platforms, and services are delivered on demand to external customers over the Internet.” 1

Cloud Computing is a distributed computing paradigm that focuses on providing a wide range of users with distributed access to virtualized hardware and/or software infrastructure over the Internet.

1 I. Foster, Y. Zhau, R. Ioan, and S. Lu. “Cloud Computing and Grid Computing : 360-Degree Compared.” Grid Computing Environments Workshop 2008

18


Computing Environments Workshop, 2008.

Cloud Computing — Core Concepts

Distributed computing paradigm• Large-scale distributed system

Resource-based and service-based• Provides access to a resource and/or service

Elastic and on demand• Has the ability to scale up or down based on demand

Economies of scale• Contains a large number of nodes and therefore reduces the overall cost of

resource acquisition and operation Utility payment models• Based on pay-per-use model

Based on existing technologies• Leverages existing technologies such as virtualization, service-orientation

and grid computing

19


Cloud Computing Types

Software-as-a-Service (SaaS)

Public Cloud

( )

Platform as a Service (PaaS)

Private Cloud

Platform-as-a-Service (PaaS)

Infrastructure-as-a-Service (IaaS)

Based on Type of Capability Based on Access

20


Based on access

Software-as-a-Service (SaaS)

Application-specific capabilities, e.g., service that provides customer managementAllows organizations and developers to use business-specific capabilities developed by third partiesExamplesp• Force.com (http://www.salesforce.com/platform/)

– From salesforce.com (SaaS leader), provides enterprise users a platform to build and run applications and components bought from AppExchangepp p g pp gor custom applications

• Zoho (http://www.zoho.com/)– Provides a large suite of web-based applications, mostly for enterprise useg y

21


Platform-as-a-Service (PaaS)A li ti d l t l tf t i t h t J tApplication development platforms, e.g. containers to host Java componentsAllows developers to leverage the resources of established organizations to create and host applications of a larger scale than an individual or small business would be able to handlebusiness would be able to handleExamples

• Google App Engine (http://code.google.com/appengine/)Provides users a complete development stack and allows them to run their– Provides users a complete development stack and allows them to run their applications on Google’s infrastructure

• Yahoo! Open Strategy (Y!OS) (http://developer.yahoo.com/yos/intro/)– Provides users with a means of developing web applications on top of the existing

Yahoo! platform, and in doing so leveraging a significant portion of the Yahoo! resources

• Akamai EdgePlatform (http://www.akamai.com/html/technology/edgeplatform.html)– Provides a large distributed computing platform on which organizations can deploy– Provides a large distributed computing platform on which organizations can deploy

their web applications; large focus on analysis and monitoring• Microsoft Azure Services Platform (http://www.microsoft.com/azure/)

– Provides users with on-demand compute and storage services as well as a

22


development platform based on Windows Azure

Infrastructure-as-a-Service (IaaS)

Generic computational infrastructure available over the Internet, e.g. compute, storage, etc.Allows organizations and developers to extend their IT infrastructure on an on-Allows organizations and developers to extend their IT infrastructure on an ondemand basisExamples

• Amazon Elastic Compute Cloud (EC2) (http://aws.amazon.com/ec2/)p ( ) ( p )– Provides users with a special virtual machine (AMI) that can be deployed and run on

the EC2 infrastructure• Amazon Simple Storage Solution (S3) (http://aws.amazon.com/s3/)

– Provides users with access to dynamically scalable storage resources• IBM Computing on Demand (CoD) (http://www-03.ibm.com/systems/deepcomputing/cod/)

– Provides users with access to highly configurable servers plus value-added services such as data storagesuch as data storage

• Microsoft Live Mesh (http://www.mesh.com/)– Provides users with access to a distributed file system; targeted at individual use

23


Cloud Computing Types — Based on AccessPublic• Offered as a service, usually over an Internet connection• Typically charge a monthly usage fee

PERSPECTIVE

yp y g y g• Users can scale on-demand and do not need to purchase

hardware• Service providers manage the infrastructure and pool

Cloud Consumer

p g presources into capacity required by consumers

Private• Deployed inside the firewall and managed by the user p y g y

organization• User organization owns the software and hardware running

in the cloudCloud

Provider

• User organization manages the cloud and provides cloud resources

• Resources typically not shared outside the organization d f ll t l i t i d b th i ti

24


and full control is retained by the organization

Drivers for Cloud Computing AdoptionScalability Users have access to a large amount of resources that scaleScalability Users have access to a large amount of resources that scale

based on user demandElasticity The environment transparently manages a user’s resource

utilization based on dynamically changing needsy y g gVirtualization Each user has a single view of the available resources,

independently of how they are arranged in terms of physical devices

Cost The pay-per-usage model allows an organization to only pay for the resources they need with basically no investment in the physical resources available in the cloud. There are no i f t t i t d tinfrastructure maintenance or upgrade costs

Mobility Users have the ability for the user to access data and applications from around the globe

C ll b ti U t ti t th l d t kCollaboration Users are starting to see the cloud as a way to work simultaneously on common data and information

Risk Reduction

Users can use the cloud to test ideas and concepts before making major investments in technology

25


Reduction making major investments in technology

Barriers for Cloud Computing Adoption

Security The key concern is data privacy: users do not have control of or know where their data is being stored

Interoperability A universal set of standards and/or interfaces have not yet been defined, resulting in a significant risk of vendor lock-in

Control The amount of control that the user has over the cloud environment varies greatly

Performance All access to the cloud is done via the internet, introducing latency into every communication between the user and the environmentenvironment

Reliability Many existing cloud infrastructures leverage commodity hardware that is known to fail unexpectedly

Pl tf S l d i t id t f ifiPlatform or Language Specificity

Some cloud environments provide support for specific platforms and languages only

26


Business Case for Cloud Computing

Cloud Consumer Cloud Provider

• Reduced overhead• Increased speed

Increased flexibility

• New business models• Additional revenue sources

More customer options• Increased flexibility• Increased scalability

• More customer options• Global coverage

clickdocuments.com

27


clickdocuments.com

Agenda

Purpose


Cloud computing

Conclusion

28


Conclusion 1

Service orientation is an approach to software development where• Services provide reusable functionality with well-defined interfaces.• An SOA infrastructure enables discovery, composition, and invocation of

services. • Service consumers are built using functionality from available services.

Service orientation is more than just an architectural style• It is a way of developing systems.• It requires a change of mindset.It requires a change of mindset.• It requires alignment with business or operational goals and processes to be

of value.• The core concept will most likely endure, but specific implementations will p y , p p

continue to change

29


Conclusion 2

Cloud Computing is in essence an economic model• It is a different way to acquire and manage IT resources

There are multiple cloud providers—the cloud is real• Currently most cloud consumers are small enterprises• Large enterprises are exploring private cloudsg g• The number of providers will most probably grow as people start seeing

greater savings and improvements to reduce adoption barriersCloud Computing adoption requires cost/benefit/risk analysis to p g p q ydetermine• What resources to move to the cloud (if any)• What situations warrant use of cloud resources, even for one-time situations,• Implementation of private clouds vs. usage of public clouds• What risks are associated with using resources on the cloud• What risks are associated to providing resources in the cloud

30


What risks are associated to providing resources in the cloud

Contact Information

Grace A. [email protected] 1 412 268-5851Dennis B [email protected] 1 412 268-6850

Research, Technology and Systems Solutions (RTSS) ProgramSystem of Systems Practice (SoSP) Initiative

Software Engineering Institute4500 Fifth AvenuePittsburgh, PA 15213-2612Pittsburgh, PA 15213 2612USA

31


NO WARRANTY

THIS MATERIAL OF CARNEGIE MELLON UNIVERSITY AND ITS SOFTWARE ENGINEERING INSTITUTE IS FURNISHED ON AN “AS IS" BASIS CARNEGIEENGINEERING INSTITUTE IS FURNISHED ON AN AS-IS BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL CARNEGIE MELLON UNIVERSITY DOESOBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

Use of any trademarks in this presentation is not intended in any way to infringe on the y p y y grights of the trademark holder.

This Presentation may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use Requests for permission should be directed to the Softwareis required for any other use. Requests for permission should be directed to the Software Engineering Institute at [email protected].

This work was created in the performance of Federal Government Contract Number FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software g y pEngineering Institute, a federally funded research and development center. The Government of the United States has a royalty-free government-purpose license to use, duplicate, or disclose the work, in whole or in part and in any manner, and to have or permit others to do so, for government purposes pursuant to the copyright license under

32


p , g p p p py gthe clause at 252.227-7013.

service oriented architecture and cloud computing:and

Documents