Welcome!

Microservices Expo Authors: Stackify Blog, Pat Romanski, Liz McMillan, Elizabeth White, Yeshim Deniz

Related Topics: Microservices Expo

Microservices Expo: Article

Best Practices for Building SOA Applications

Seven Steps to SOA Adoption Part One: Publish and Orchestrate

Service Oriented Architecture (SOA) facilitates the development of applications as modular business services that can be easily integrated, secured, and administered. Benefits of an SOA approach include more-rapid development, decreased maintenance and change management costs, and improved business visibility. However, achieving these benefits isn't automatic - although many early adopters of SOA have been able to realize its promise fully, others have struggled to find the best architecture and design patterns for this approach.

The SOA model is about asynchronous, loosely coupled, stateless interactions through the use of standard component interfaces and architectures. However, it's often not obvious how this approach should be combined with traditional development practices and patterns such as model-view-controller (MVC) and synchronous and transactional Java or C/C++/C# coding. Likewise, the area of testing is one in which the flexibility of a loosely coupled architecture introduces new complexities (See Figure 1).

This article is the first of a two-part series that will outline the best practices and pitfalls that are starting to emerge for SOA, based on real-world customer implementation experiences. With this series, we hope to enable organizations to consider a few of these concerns earlier in the design process, thereby building on the successes of their predecessors and avoiding some of the mistakes.

Challenges to SOA Adoption
Adopting a SOA involves more than just technology. Organizational issues play a major factor in the success of SOA initiatives. These factors include retraining, business and IT decision-making processes, governance and security. These are always issues whenever a new technology or architecture emerges; however, SOA has unique characteristics that amplify some of these complexities. For example, security has always been important, but a distributed SOA means that more information will be passing over a network as compared with a tightly coupled architecture.

It also means that teams and departments may become more interdependent on each other. If a group is building a risk analysis engine for a development project, that cost is going to be budgeted in that project. But the extra effort of making it a generic service, and publishing, maintaining, and securing it so that other applications can make effective use of it will incur additional development cost and must be explicitly supported by the organization as a whole. Incentives and oversight/governance need to be put in place at the broadest levels possible for a SOA to be more than just an implementation approach for individual projects.

At a purely technical level, developers must approach SOA projects with a different mindset than they have for tightly coupled implementations. Learning to identify the appropriate level of granularity for a service, determining what should be coded in languages like BPEL versus what should be in Java, and becoming comfortable with a new set of design patterns will take some time. Organizations embarking on their first SOA implementations should plan for a certain amount of exploration and refactoring in their schedules. Also, just because SOA and these new standards provide IT with a shiny new hammer doesn't mean that all projects are nails. We've often seen new tools, such as Web Services, asynchronous interfaces, and process languages like BPEL, over-generalized and used for problems they weren't suited for. For example, while we are strong proponents of BPEL, there are things that it isn't appropriate for, such as UI orchestration and highly computational business logic.

Three areas where we've seen companies encounter difficulties when adopting SOA are interoperability, testing, and performance. The nature of the service-oriented world is that it makes interoperability more difficult and more important than it is with traditional three-tier architectures. A major value of a loosely coupled standard service interface model like WSDL is that clients of a service don't need to know what technology is used to implement the service (and vice versa). But this makes for a combinational explosion when testing for interoperability. Similarly, testing SOA applications that interact with many external services is a significant challenge. Troubleshooting and performance tuning are also more complex due to the many different layers that may be involved in a single process or application.

However, all is not lost. If you haven't been scared away from SOA yet, we'll explain how some of the best practices that are starting to emerge for SOA adoption can help address these challenges. These best practices come from working closely with many customers in their initial SOA implementations and have been learned as much from problems and errors ("worst practices") as from successes.

Seven Steps to SOA Adoption
We see the following as the key steps to effective SOA adoption:

  1. ) Create a portfolio of services
  2. ) Define connectivity and messaging interfaces
  3. ) Process orchestration, workflow, and rules
  4. ) Rich user interfaces
  5. ) Business activity monitoring
  6. ) Security and management
  7. ) Performance and scalability
We recommend that you not approach these steps in a sequential order. For example, it's very risky to consider performance only at the end of a project, at which point design decisions that affect scalability can be very difficult to change. The best way to use these steps is to apply them all to a thin slice of a project and then iterate through rapidly expanding prototypes as additional functionality is added.

In this article we'll describe the first three steps. Next month we'll look at the second set of steps in detail as well as some "worst practices" that vividly illustrate some of the potholes to avoid on the road to SOA.

Portfolio of Services
It's important to lock down the interfaces to services and backend systems early in the development process. WSDL and XML schema will be your best friends when interfaces remain relatively stable and your worst enemies if they're constantly changing. Although a service-oriented approach provides the flexibility and agility that makes applications easier to change, the simplest changes will be when only the implementation of a service changes, while the interface to the service remains constant. Conversely, when the interface itself changes, the impact of that change will propagate broadly (and perhaps unpredictably) throughout your infrastructure. As a result, using coarse-grained, document-based interfaces for services will provide the most flexibility.

As mentioned, interoperability is both critical and non-trivial in a service-oriented world. We find that a governance policy requiring that services be WS-I Basic Profile–compliant (www.ws-i.org/Profiles/BasicProfile-1.0-2004-04-16.html) is a best practice. For example, key Basic Profile requirements include avoiding RPC encoding and SOAP-encoded arrays that seriously restrict interoperability.

Finally, a UDDI registry and taxonomy for organizing services is important; however, the first step is to lock down the interfaces, regardless of whether they're kept in a registry. But over time, as organizations create more services, a common directory becomes increasingly more important.

Connectivity and Messaging
The next step is to determine what protocols will be used for connecting to services. SOAP is the canonical Web Services protocol, but it's not supported yet by many current backend systems and may not be appropriate for all services. Other options include packaged adapters and flexible binding frameworks such as the Web Services Invocation Framework (WSIF), an Open Source framework owned by Apache (http://ws.apache.org/wsif/).

WSIF enables service interfaces to be described by a standard WSDL and then leverages a binding for the native protocol of the backend system. This provides a "best of both worlds" approach with the loosely coupled architecture of Web Services but also the performance and transactionality of native system protocols.

WSIF bindings are now available for many protocols including Java, EJB, XML over HTTP (for a REST-style interface), JMS, and JCA. As with most design choices, there are tradeoffs involved in this approach. A WSDL with SOAP binding will incur a performance penalty and lose any transaction monitoring capabilities that may be supported natively by the backend system, but it provides maximum interoperability. Non-SOAP WSIF bindings can improve performance and provide twophase commit transaction support, but the tradeoff is the loss of some interoperability. Tools like Oracle Application Server and Axis from Apache can support WSDLs with both SOAP and native protocol WSIF bindings, so the interface can be as flexible as possible. We anticipate that in the future, the WSIF approach will evolve into a next-generation implementation with the service component architecture (SCA) (http://otn.oracle.com/tech/webservices/standards/sca), but the concept remains the same. (see Figure 2)

Key factors to take into account when selecting connectivity protocols include requirements for performance, transactionality, scalability, quality of service, and interoperability. In the area of performance and scalability, it's critical that the final requirements be known and tested for as early in the design process as possible, because it's often only with a "performance POC" that the right decisions can be made early enough in the design and architecture process to avoid costly redesign later.

Service virtualization and logical naming become particularly important when a service's location may change or when levels of service availability, scalability, and security have to be changeable without modifying clients. In these cases, two approaches are possible - either use a dynamic registry lookup or a Web Services management technology as described later in this article. These approaches and options are typically supported by Enterprise Service Buses (ESBs) from the major technology vendors.

Process Orchestration, Workflow, and Rules
Once you know what service interfaces and protocols you will use, the next step is to define the composite applications and business processes around those services. Here we believe very strongly in the Business Process Execution Language (BPEL) standard from OASIS. BPEL lets business processes be defined in a standard format, and it has gained tremendous market traction among both vendors and end users over the past several years. There are now thousands of mission-critical BPEL processes in production across hundreds of enterprises. (see Figure 3)


More Stories By Dave Shaffer

Dave Shaffer has been helping customers use the Oracle BPEL Process Manager since 2001, managing implementation projects, providing technical training, and ensuring successful implementations. Prior to joining Oracle, Shaffer was a principal consultant at Collaxa, a managing director at Eleven Acceleration, and manager of a professional services group at Apple Computer.

Comments (2) View Comments

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Most Recent Comments
vu tuan anh 06/16/08 10:16:56 PM EDT

This is interesting article, I'd like it. Could you send me some SOA documents to my e-mail? Thanks alot.

j j 09/21/06 02:53:40 PM EDT

Service Oriented Architecture (SOA) facilitates the development of applications as modular business services that can be easily integrated, secured, and administered. Benefits of an SOA approach include more-rapid development, decreased maintenance and change management costs, and improved business visibility. However, achieving these benefits isn't automatic - although many early adopters of SOA have been able to realize its promise fully, others have struggled to find the best architecture and design patterns for this approach.

@MicroservicesExpo Stories
It has never been a better time to be a developer! Thanks to cloud computing, deploying our applications is much easier than it used to be. How we deploy our apps continues to evolve thanks to cloud hosting, Platform-as-a-Service (PaaS), and now Function-as-a-Service. FaaS is the concept of serverless computing via serverless architectures. Software developers can leverage this to deploy an individual "function", action, or piece of business logic. They are expected to start within milliseconds...
SYS-CON Events announced today that Peak 10, Inc., a national IT infrastructure and cloud services provider, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Peak 10 provides reliable, tailored data center and network services, cloud and managed services. Its solutions are designed to scale and adapt to customers’ changing business needs, enabling them to lower costs, improve performance and focus intern...
SYS-CON Events announced today that Fusion, a leading provider of cloud services, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Fusion, a leading provider of integrated cloud solutions to small, medium and large businesses, is the industry’s single source for the cloud. Fusion’s advanced, proprietary cloud service platform enables the integration of leading edge solutions in the cloud, including cloud...
SYS-CON Events announced today that HTBase will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. HTBase (Gartner 2016 Cool Vendor) delivers a Composable IT infrastructure solution architected for agility and increased efficiency. It turns compute, storage, and fabric into fluid pools of resources that are easily composed and re-composed to meet each application’s needs. With HTBase, companies can quickly prov...
SYS-CON Events announced today that Linux Academy, the foremost online Linux and cloud training platform and community, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Linux Academy was founded on the belief that providing high-quality, in-depth training should be available at an affordable price. Industry leaders in quality training, provided services, and student certification passes, its goal is to c...
SYS-CON Events announced today that CollabNet, a global leader in enterprise software development, release automation and DevOps solutions, will be a Bronze Sponsor of SYS-CON's 20th International Cloud Expo®, taking place from June 6-8, 2017, at the Javits Center in New York City, NY. CollabNet offers a broad range of solutions with the mission of helping modern organizations deliver quality software at speed. The company’s latest innovation, the DevOps Lifecycle Manager (DLM), supports Value S...
We all know that end users experience the internet primarily with mobile devices. From an app development perspective, we know that successfully responding to the needs of mobile customers depends on rapid DevOps – failing fast, in short, until the right solution evolves in your customers' relationship to your business. Whether you’re decomposing an SOA monolith, or developing a new application cloud natively, it’s not a question of using microservices - not doing so will be a path to eventual ...
This talk centers around how to automate best practices in a multi-/hybrid-cloud world based on our work with customers like GE, Discovery Communications and Fannie Mae. Today’s enterprises are reaping the benefits of cloud computing, but also discovering many risks and challenges. In the age of DevOps and the decentralization of IT, it’s easy to over-provision resources, forget that instances are running, or unintentionally expose vulnerabilities.
One of the biggest challenges with adopting a DevOps mentality is: new applications are easily adapted to cloud-native, microservice-based, or containerized architectures - they can be built for them - but old applications need complex refactoring. On the other hand, these new technologies can require relearning or adapting new, oftentimes more complex, methodologies and tools to be ready for production. In his general session at @DevOpsSummit at 20th Cloud Expo, Chris Brown, Solutions Marketi...
There are two main reasons for infrastructure automation. First, system administrators, IT professionals and DevOps engineers need to automate as many routine tasks as possible. That’s why we build tools at Stackify to help developers automate processes like application performance management, error monitoring, and log management; automation means you have more time for mission-critical tasks. Second, automation makes the management of complex, diverse environments possible and allows rapid scal...
@DevOpsSummit at Cloud taking place June 6-8, 2017, at Javits Center, New York City, is co-located with the 20th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long developm...
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, Cloud Expo and @ThingsExpo are two of the most important technology events of the year. Since its launch over eight years ago, Cloud Expo and @ThingsExpo have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors! In this blog post, I provide 7 tips on how, as part of our world-class faculty, you can deliver one of the most popular sessions at our events. But before reading the...
The purpose of this article is draw attention to key SaaS services that are commonly overlooked during contact signing that are essential to ensuring they meet the expectations and requirements of the organization and provide guidance and recommendations for process and controls necessary for achieving quality SaaS contractual agreements.
SYS-CON Events announced today that OpsGenie will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Founded in 2012, OpsGenie is an alerting and on-call management solution for dev and ops teams. OpsGenie provides the tools needed to design actionable alerts, manage on-call schedules and escalations, and ensure that the right people are notified at the right time, using multiple notification methods.
The first step to solving a problem is recognizing that it actually exists. And whether you've realized it or not, cloud services are a problem for your IT department. Even if you feel like you have a solid grasp of cloud technology and the nuances of making a cloud purchase, business leaders don't share the same confidence. Nearly 80% feel that IT lacks the skills necessary to help with cloud purchases-and they're looking to cloud brokers for help instead. It's time to admit we have a cloud s...
According to a recent Gartner study, by 2020, it will be unlikelythat any enterprise will have a “no cloud” policy, and hybrid will be the most common use of the cloud. While the benefits of leveraging public cloud infrastructures are well understood, the desire to keep critical workloads and data on-premise in the private data center still remains. For enterprises, the hybrid cloud provides a best of both worlds solution. However, the leading factor that determines the preference to the hybrid ...
In this modern world of IT, you've probably got some new colleagues in your life-namely, the cloud and SaaS providers who now hold your infrastructure in their hands. These business relationships-yes, they're technology-based, but cloud and SaaS are business models-will become as important to your IT team and your company as the hardware and software you used to install. Once you've adopted SaaS, or inherited SaaS, it's on you to avoid price hikes, licensing issues and app or provider sprawl....
A completely new computing platform is on the horizon. They’re called Microservers by some, ARM Servers by others, and sometimes even ARM-based Servers. No matter what you call them, Microservers will have a huge impact on the data center and on server computing in general. Although few people are familiar with Microservers today, their impact will be felt very soon. This is a new category of computing platform that is available today and is predicted to have triple-digit growth rates for some ...
In IT, we sometimes coin terms for things before we know exactly what they are and how they’ll be used. The resulting terms may capture a common set of aspirations and goals – as “cloud” did broadly for on-demand, self-service, and flexible computing. But such a term can also lump together diverse and even competing practices, technologies, and priorities to the point where important distinctions are glossed over and lost.
DevOps is speeding towards the IT world like a freight train and the hype around it is deafening. There is no reason to be afraid of this change as it is the natural reaction to the agile movement that revolutionized development just a few years ago. By definition, DevOps is the natural alignment of IT performance to business profitability. The relevance of this has yet to be quantified but it has been suggested that the route to the CEO’s chair will come from the IT leaders that successfully ma...