Welcome!

Microservices Expo Authors: Liz McMillan, Pat Romanski, Carmen Gonzalez, Elizabeth White, Jason Bloomberg

Related Topics: @CloudExpo, Containers Expo Blog

@CloudExpo: Article

Virtues of Service Virtualization in a Cloud

Service Virtualization is a crucial part of Federated SOA and cloud-based deployments

Virtualization Expo on Ulitzer

Service virtualization is the ability to create a virtual service from one or more predefined service files.  Service files are usually generated as a Web Service Description Language (WSDL, pronounced Wizdel, see tutorial for introduction to WSDL) file by service containers running business application developed in Java, .NET, PHP type programming languages. 

Service virtualization combines and slices business services deployed independent of the operating systems, programming language or hosting location. The services may be off-premise cloud services (SaaS, PaaS, IaaS)  or on-premise services deployed in a corporate data center. An intermediary cloud gateway sits between the producer and the consumer and aggregates the WSDLs. Based on policies enforced on the cloud gateway, only authorized operations are exposed to the consumers. A sample topology is as follows:

Service Virtualization Cloud Computing

 

In the virtualization diagram above, services A, B and C are deployed on-premise in the corporate data center whereas service D, E, and F are deployed off-premise at a cloud hosting provider such as Amazon EC2 or Rackspace.  The services produced are imported into a Cloud Gateway such as Forum Sentry, aggregated and then published to the consumers based on the credentials provided by the consumers at design-time. 

A new WSDL is generated by the Cloud Gateway that provides only those services that a consumer is entitled to see.  For example, in the diagram above, the internal consumer is provided a WSDL that only contains information related to services A-E, whereas the external consumer is provided a WSDL that contains only services B and F.  The consumers are not aware of whether the services are hosted on-premise in the Data Center or off-premise in the Cloud.

VIRTUES OF SERVICE VIRTUALIZATION

Security: The virtual WSDLs expose or hide operations extracted from imported source WSDLs selectively based on consumer authorization levels. The WSDL endpoints are cloaked with only intermediary's endpoints exposed.  Security is centeralized on the cloud gateway and decoupled from the business applications.  As services morph, the security policies can be controlled centrally.  Any security exposure can be rapidly remediated at the gateway without requiring immediate attention for "patching" a large number of services deployed across data centers and cloud providers.  Endpoint URL obfuscation that removes indications of  technology being deployed such as .jsp, .asmx, .php extensions provides a level of comfort to consumers by indicating a well integrated and standardized set of services.  Endpoint obfuscation also decreases techology-stack (Java, .NET, LAMP) specific attack vectors thereby reducing the attack surface area increased by exposing services.

Consistency: Virtualization provides the ability to select operations from multiple WSDLs and expose them to clients as a coherent single WSDL.  The alternate path to this technique is to provide multiple WSDLs generated by each container.  Typical containers take a class file or set of methods and generate a set of service definitions as a WSDL file.  Virtualization enables importing and aggregating such services generated from a variety of service container such as IBM WebSphere, WebLogic Server, Apache Axis, and .NET, selectively picking services that a consumer is authorized to see, and then generating a sub-set WSDL that only contains artifacts (XSD Schema, Message Definitions, Operation Names, Binding)  that a consumer is allowed to see.

Productivity:The main benefit of virtualization is the ability to mix and match operations without having to mannually copy and paste parts of the desired WSDLs into new WSDL files. It allows a corporations to generate a composite library of all supported operations and only expose the ones required for a particular consumer.  Service virtualization also provides a central location for service version management and service cataloguing.

Reliability: A service may be deployed redundantly on-premise and off-premise for capacity planning and management.  If an on-premise service is inundated with traffic, a cloud gateway can redirect traffic to off-premise cloud services.  In a catastrophic situation where either the data center or a cloud provider suffers an outage, a cloud gateway can provide fail-over capabilities.  A cloud gateway can also be used for failover across multi-cloud deployments.  As corporations migrate services to cloud providers, multi-cloud deployments that enable fault tolerance across clouds will become more prevalent.

Some of the challenges of Service Virtualization addressed by sophisticated Cloud Gateways, such as Forum Sentry include:

  • Protecting service endpoints through endpoint obfuscation.
  • Resolving different schemas that share the same namespace.
  • Reconciling incompatible constraints for elements that appear in multiple schemas.
  • Exposing the list of WSDLs that developers should be working on based on developer credentials. Although external trading partners typically require a single WSDL, internal developers work with multiple WSDLs. A list of WSDL needs to be retrieved from the cloud gateway to better manage developers working across multiple WSDLs.
  • Fault tolerance in multi-cloud deployments.

Service Virtualization is a crucial part of Federated SOA and cloud-based deployments. The vices of free-for-all operations can quickly result in chaos.  Highly distributed enviroments that require automated interaction with suppliers and customers as well as external service providers (SaaS, PaaS, IaaS) can only be controlled through cloud gateways that provide strong service virtualization.

More Stories By Mamoon Yunus

Mamoon Yunus is an industry-honored CEO and visionary in Web Services-based technologies. As the founder of Forum Systems, he pioneered XML Security Gateways & Firewalls and was granted a patent for XML Gateway Appliances. He has spearheaded Forum's direction and strategy for eight generations of award-winning XML Security products. Prior to Forum Systems, Yunus was a Global Systems Engineer for webMethods (NASD: WEBM) where he developed XML-based business integration and architecture plans for Global 2000 companies such as GE, Pepsi, Siemens, and Mass Mutual. He has held various high-level executive positions at Informix (acquired by IBM) and Cambridge Technology Group.

He holds two Graduate Degrees in Engineering from MIT and a BSME from Georgia Institute of Technology. InfoWorld recognized Yunus as one of four "Up and coming CTOs to watch in 2004." He is a sought-after speaker at industry conferences such as RSA, Gartner, Web Services Edge, CSI, Network Interop, and Microsoft TechEd. Yunus has the distinction of showcasing Forum Systems' entrepreneurial leadership as a case study at the MIT Sloan School of Management. He has also been featured on CNBC as Terry Bradshaw's "Pick of the Week."

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Microservices Articles
Modern software design has fundamentally changed how we manage applications, causing many to turn to containers as the new virtual machine for resource management. As container adoption grows beyond stateless applications to stateful workloads, the need for persistent storage is foundational - something customers routinely cite as a top pain point. In his session at @DevOpsSummit at 21st Cloud Expo, Bill Borsari, Head of Systems Engineering at Datera, explored how organizations can reap the bene...
"NetApp's vision is how we help organizations manage data - delivering the right data in the right place, in the right time, to the people who need it, and doing it agnostic to what the platform is," explained Josh Atwell, Developer Advocate for NetApp, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
The Jevons Paradox suggests that when technological advances increase efficiency of a resource, it results in an overall increase in consumption. Writing on the increased use of coal as a result of technological improvements, 19th-century economist William Stanley Jevons found that these improvements led to the development of new ways to utilize coal. In his session at 19th Cloud Expo, Mark Thiele, Chief Strategy Officer for Apcera, compared the Jevons Paradox to modern-day enterprise IT, examin...
In his session at 20th Cloud Expo, Mike Johnston, an infrastructure engineer at Supergiant.io, discussed how to use Kubernetes to set up a SaaS infrastructure for your business. Mike Johnston is an infrastructure engineer at Supergiant.io with over 12 years of experience designing, deploying, and maintaining server and workstation infrastructure at all scales. He has experience with brick and mortar data centers as well as cloud providers like Digital Ocean, Amazon Web Services, and Rackspace. H...
Skeuomorphism usually means retaining existing design cues in something new that doesn’t actually need them. However, the concept of skeuomorphism can be thought of as relating more broadly to applying existing patterns to new technologies that, in fact, cry out for new approaches. In his session at DevOps Summit, Gordon Haff, Senior Cloud Strategy Marketing and Evangelism Manager at Red Hat, will discuss why containers should be paired with new architectural practices such as microservices ra...
In his session at 20th Cloud Expo, Scott Davis, CTO of Embotics, discussed how automation can provide the dynamic management required to cost-effectively deliver microservices and container solutions at scale. He also discussed how flexible automation is the key to effectively bridging and seamlessly coordinating both IT and developer needs for component orchestration across disparate clouds – an increasingly important requirement at today’s multi-cloud enterprise.
The Software Defined Data Center (SDDC), which enables organizations to seamlessly run in a hybrid cloud model (public + private cloud), is here to stay. IDC estimates that the software-defined networking market will be valued at $3.7 billion by 2016. Security is a key component and benefit of the SDDC, and offers an opportunity to build security 'from the ground up' and weave it into the environment from day one. In his session at 16th Cloud Expo, Reuven Harrison, CTO and Co-Founder of Tufin, ...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm. In their Day 3 Keynote at 20th Cloud Expo, Chris Brown, a Solutions Marketing Manager at Nutanix, and Mark Lav...
Many organizations are now looking to DevOps maturity models to gauge their DevOps adoption and compare their maturity to their peers. However, as enterprise organizations rush to adopt DevOps, moving past experimentation to embrace it at scale, they are in danger of falling into the trap that they have fallen into time and time again. Unfortunately, we've seen this movie before, and we know how it ends: badly.
TCP (Transmission Control Protocol) is a common and reliable transmission protocol on the Internet. TCP was introduced in the 70s by Stanford University for US Defense to establish connectivity between distributed systems to maintain a backup of defense information. At the time, TCP was introduced to communicate amongst a selected set of devices for a smaller dataset over shorter distances. As the Internet evolved, however, the number of applications and users, and the types of data accessed and...