The Hogg Blog : S+S

SOA Symposium: SOA, Software + Services and Cloud Computing

Jason Hogg — Fri, 23 Oct 2009 09:44:00 GMT

I am presenting a discussion on SOA, S+S and Cloud computing later today at SOA Symposium. I have included the abstract for the talk and the slides that will be used in the presentation for anyone interested.

Organizations evaluating Software + Services and Cloud Computing offerings must first have a well thought-out SOA strategy in order to maximize the return on their investment. They must further understand how the Software + Services platform and the related emerging platforms can be shaped with SOA principles in order to establish a sound and standardized services eco-system that can build up on and extend service-oriented architecture implementations. This presentation will describe the relationship between these various paradigms, including detailed discussions of topics relevant to enterprise architects, software architects and infrastructure architects.

SOA Symposium: Understanding SOA Security Patterns

Jason Hogg — Fri, 23 Oct 2009 09:33:00 GMT

I presented a discussion on SOA Security Patterns at the SOA Symposium today in Rotterdam. The abstract fro the talk is included below and the PPT is attached for anyone interested.

Service-oriented solutions are distributed applications and therefore rely on many of the established security controls, practices, and technologies. However, there are distinct characteristics that make services and service compositions special. For example, designing distributed systems that will with greater frequency span organizational boundaries requires architects to understand threats associated with exposing such functionality on potentially hostile networks. This presentation walks through a number of the SOA design patterns that are specific to services, processes, and SOA security in general. In this talk we will introduce and explain these patterns and discuss how they can be applied to establish a secure foundation to service-oriented systems.

SOA Patterns

Jason Hogg — Mon, 28 Sep 2009 00:32:00 GMT

About a 18 months ago Thomas Erl approached a group of us at Microsoft if we could review the SOA Patterns work he was doing. Whilst doing the review I observed that the book was lacking any patterns describing how to think about security within SOA applications. We talked and decided to add two whole chapters on the topic - starting with material that we (Fred Chong, Tom Hollander, Wojteck Kozaczynski, Lonnie Wall, Paul Slater, Dwayne Taylor and Ward Cunningham) had created in patterns & practices about 5 years ago.

The book is now available (has been for about 6 months now - this post is a little dated :-) - but included the following security related patterns:

Direct authentication
Brokered authentication
Data confidentiality
Data origin authentication
Exception shielding
Message screening
Trusted subsystem
Service perimeter guard

The book also includes a bunch more patterns - which when combined with other books like Enterprise Integration Patterns (Hohpe) and Integration Patterns (P&P) makes for an invaluable resource for understanding different approaches for designing distributed systems. I am also really pleased to see there is a SOA Symposium event in the Netherlands at the end of October where we will be presenting a bunch of this material. I will post more about this later this week...

Service Orientation Today and Tomorrow

Jason Hogg — Mon, 28 Sep 2009 00:18:00 GMT

Diegon Dagum has just sent out the release note for the latest edition of the Microsoft Architecture Journal. It includes a bunch of really interesting papers including one that myself and a group of my colleagues from Worldwide Services put together summarizing key design considerations for Software + Services and Cloud Computing. Because we believe that the full benefit from S+S cannot be gained by just focusing on implications for application design - our paper tries to capture major design considerations from a number of perspectives including that of: Enterprise Architects, Software Architects (including Integration, Application and Information Design), Infrastructure Architects - whilst also describing cross cutting concerns relating to security, operations and management. Enjoy!!

Some of the other articles also look really intersting so will try to report back in the coming weeks about key points from the other papers... in the mean time take a look here if you are interested.

Contents

Design Considerations for Software plus Services and Cloud Computing
Model-Driven SOA with "Oslo"
An Enterprise Architecture Strategy for SOA
Enabling Business Capabilities with SOA
Service Registry: A Key Piece for Enhancing Reuse in SOA
How the Cloud Stretches the SOA Scope
Event-Driven Architecture: SOA Through the Looking Glass
Is SOA Being Pushed Beyond Its Limits?

A Graphical DSL for Describing SOA Applications

Jason Hogg — Wed, 28 Jan 2009 09:05:00 GMT

Last October we ran a SOA workshop in Redmond, with the goal being to have members of the MCS field, global practices and other customer facing organizations discuss scenarios and patterns that they see on a regular basis. Having run several of these workshops in the psat, one challenge that is hard to overcome is ensuring people describe their scenarios and solutions in a standard way.

Given the lack of a standard vocabulary for many (most?) domains within our industry this is obviously made more difficult. In an attempt to overcome this shortfall myself, Piyush Gupta and Sudarsan Srinivasan spent about a month decomposing a number of customer solutions into their constituent patterns - thus building a catalog of patterns that participants at our workshop could use when describing solutions to their scenarios. Where such patterns were already documented, we normalized on terms from sources such as Hohpe's Integration Patterns, SOA Patterns, Workflow Patterns, Patterns and Practices and IBM's dev center.

Even armed with a standard vocabulary, the next problem becomes how do you succinctly present complex system designs without requiring large numbers of UML objects. Christopher Alexander aluded to the solution to this problem through the use of a visual notation to accompany each pattern. So I searched around and found that Matthew Oskowis had created a nice little Visio template including icons for each of Gregor Hohpe's patterns. This helped us for about 50% of the patterns and so I extended it to include the additional patterns that we had identified.

When using this visual notation it became too difficult expecting everyone to recognize each of these icons, so I also extended each icon to include the pattern name. It makes the diagrams a little clumsy - but they are still quite readable. As you can see in the diagram below it is also obvious that these icons convey a lot of information in a small amount of space - more so than an equivalent UML model would for example.

The diagram below illustrates one such example, where a service agent is performing requestor side caching allowing configuration information to be retrieved from a central configuration service and cached. The Configuration Notification Service also allows the client (should it subscribe) to be notified of changes to this configuration.

For my presentation for tomorrow's SOA BP conference I will be walking through a number of scenarios using this SOA DSL, so figured I would first post it on the blog for people that are interested in using it. If you use it or extend it let me know how you go, or share your updates.

Agent-Design Patterns for Building Distributed Service Bus Applications

Jason Hogg — Wed, 28 Jan 2009 03:36:00 GMT

Another blog that is several months late, but as usual, better late than never. I am currently preparing my presentation for tomorrow's Real World SOA: Microsoft SOA and Business Process Conference I finally made the time to read Danny Garber's paper on Agent-Design Patterns and it was well worth the read. Danny introduces the notion of a Distributed Service Bus (I think I have also heard him refer to it as an Internet Service Bus) allowing multiple organizations to collaborate on extremely complex business processes.

As with most business processes, these are subject to service unavailability errors, message translation and enrichment requirements, but because they span multiple organizational boundaries must also worry about routing across perimeter networks and error recovery in remote domains. Danny talks about how he has used a combination of Microsoft's ESB Guidance (predominantly the Itinerary pattern) and the Microsoft Global Practices Managed Service Engine (predominantly for routing across perimeter networks) to provide the DSB capability.

Geneva Identity Management Framework

Jason Hogg — Mon, 27 Oct 2008 22:08:00 GMT

For anyone who has followed my blogs around developing an STS or writing authorization policies you will be very interested in Kim Cameron's announcement at PDC of the Geneva Identity Management platform. Genvea includes:

Geneva Framework - A .NET framework for writing interoperable, claims aware applicatoins
Geneva STS - An STS integrated with AD. Supports issuance (finally) and consumption of Cardspace Cards.
CardSpace Geneva - A federation client

In addition to these framework like components, there are also a couple of services (biult using Geneva) including:

Microsoft Federation Gateway - Provides the basis for the Microsoft Services Identity backbone - brokering access to Microsoft cloud applications and developre services
Microsoft Connector Services - Federates AD to the Microsoft Federation Gateway. Provides lightweight access to the federation gateway.
.NET Access Control Service - Next generation service (STS) that performs claims transformation. It receives authentication information and issues authz decisions. This includes a management portal and API's for managing and writing authz policies.

I haven't had a chance to play with any of these tools yet, but will be very interested to see how the Access Control Service's capabilities compare with SecPAL... :-)

Microsoft Azure cloud OS announced at PDC2008

Jason Hogg — Mon, 27 Oct 2008 20:51:00 GMT

I am here at the PDC in Los Angeles having just watched Ray Ozzie and Bob Muglia finally present the next generation of Microsoft's Cloud Services / Software plus Services strategy with the release of our new operating system for the cloud "Azure"!

Windows Azure was designed from the ground up for the needs of cloud based computing models. It includes capabilities such as:

Scalable hosting - from a fraction of a server to many servers
Automated service management - fabric controller manages the health and lifetime of deployed services according to a services model
High-availability - replicated backend storage
Rich developer experience
Open platform - Command line interfaces, REST protocols, WS, Web…

As I watched the presentation it dawned on me some of the parallels between how existing operating systms are designed and the functions that will now be fulfilled by Azure. The diagram below shows a conceptual view of the core layers in existing operating systems, which are typically split between kernel mode and user mode where user applications are designed to be run.

Logically Azure follows a similar model having the Azure OS providing the equivalent of the kernel exept now running in the cloud managing a potentially limitless number of CPU's, memory and disk storage all hosted in the cloud.

Moving up a level we have the Microsoft Azure Services Platform. As with the executive in an OS taking responsibility for security, storage, I/O and IPC; Azure provides a host of similar capabilities. At the lowest level the Azure Services Platform includes support for .Net Services including a Service Bus, Access Control and Workflow Services. It also includes SQL Services. At a higher level the Azure Services Platform includes support for Live Services, Sharepoint Services and Dynamics CRM Services.

In terms of how applications can be designed to run on in this new cloud based paradigm the great news is that it is all through our existing tools and languages - Visual Studio and .NET. At the highest level in the stack where traditionally applications like Office would run, we now have online extensions to these products including: Windows Live, Office Live, Exchange Online, Sharepoint Online and Dynamics CRM Online.

Anyway, this post should introduce you to some key concepts and technologies that I believe are going to be critical to consider as you design distributed applications moving forward. I personally think this announcement and the associated announcements that you will continue to hear over the course of this week is the most significant change in our industry since the release of .NET.