Welcome!

Microservices Expo Authors: Chris Schwarz, Todd Matters, Elizabeth White, Pat Romanski, Stackify Blog

Related Topics: Microservices Expo

Microservices Expo: Article

Best Practices for Building SOA Applications

Seven Steps to SOA Adoption Part One: Publish and Orchestrate

Service Oriented Architecture (SOA) facilitates the development of applications as modular business services that can be easily integrated, secured, and administered. Benefits of an SOA approach include more-rapid development, decreased maintenance and change management costs, and improved business visibility. However, achieving these benefits isn't automatic - although many early adopters of SOA have been able to realize its promise fully, others have struggled to find the best architecture and design patterns for this approach.

The SOA model is about asynchronous, loosely coupled, stateless interactions through the use of standard component interfaces and architectures. However, it's often not obvious how this approach should be combined with traditional development practices and patterns such as model-view-controller (MVC) and synchronous and transactional Java or C/C++/C# coding. Likewise, the area of testing is one in which the flexibility of a loosely coupled architecture introduces new complexities (See Figure 1).

This article is the first of a two-part series that will outline the best practices and pitfalls that are starting to emerge for SOA, based on real-world customer implementation experiences. With this series, we hope to enable organizations to consider a few of these concerns earlier in the design process, thereby building on the successes of their predecessors and avoiding some of the mistakes.

Challenges to SOA Adoption
Adopting a SOA involves more than just technology. Organizational issues play a major factor in the success of SOA initiatives. These factors include retraining, business and IT decision-making processes, governance and security. These are always issues whenever a new technology or architecture emerges; however, SOA has unique characteristics that amplify some of these complexities. For example, security has always been important, but a distributed SOA means that more information will be passing over a network as compared with a tightly coupled architecture.

It also means that teams and departments may become more interdependent on each other. If a group is building a risk analysis engine for a development project, that cost is going to be budgeted in that project. But the extra effort of making it a generic service, and publishing, maintaining, and securing it so that other applications can make effective use of it will incur additional development cost and must be explicitly supported by the organization as a whole. Incentives and oversight/governance need to be put in place at the broadest levels possible for a SOA to be more than just an implementation approach for individual projects.

At a purely technical level, developers must approach SOA projects with a different mindset than they have for tightly coupled implementations. Learning to identify the appropriate level of granularity for a service, determining what should be coded in languages like BPEL versus what should be in Java, and becoming comfortable with a new set of design patterns will take some time. Organizations embarking on their first SOA implementations should plan for a certain amount of exploration and refactoring in their schedules. Also, just because SOA and these new standards provide IT with a shiny new hammer doesn't mean that all projects are nails. We've often seen new tools, such as Web Services, asynchronous interfaces, and process languages like BPEL, over-generalized and used for problems they weren't suited for. For example, while we are strong proponents of BPEL, there are things that it isn't appropriate for, such as UI orchestration and highly computational business logic.

Three areas where we've seen companies encounter difficulties when adopting SOA are interoperability, testing, and performance. The nature of the service-oriented world is that it makes interoperability more difficult and more important than it is with traditional three-tier architectures. A major value of a loosely coupled standard service interface model like WSDL is that clients of a service don't need to know what technology is used to implement the service (and vice versa). But this makes for a combinational explosion when testing for interoperability. Similarly, testing SOA applications that interact with many external services is a significant challenge. Troubleshooting and performance tuning are also more complex due to the many different layers that may be involved in a single process or application.

However, all is not lost. If you haven't been scared away from SOA yet, we'll explain how some of the best practices that are starting to emerge for SOA adoption can help address these challenges. These best practices come from working closely with many customers in their initial SOA implementations and have been learned as much from problems and errors ("worst practices") as from successes.

Seven Steps to SOA Adoption
We see the following as the key steps to effective SOA adoption:

  1. ) Create a portfolio of services
  2. ) Define connectivity and messaging interfaces
  3. ) Process orchestration, workflow, and rules
  4. ) Rich user interfaces
  5. ) Business activity monitoring
  6. ) Security and management
  7. ) Performance and scalability
We recommend that you not approach these steps in a sequential order. For example, it's very risky to consider performance only at the end of a project, at which point design decisions that affect scalability can be very difficult to change. The best way to use these steps is to apply them all to a thin slice of a project and then iterate through rapidly expanding prototypes as additional functionality is added.

In this article we'll describe the first three steps. Next month we'll look at the second set of steps in detail as well as some "worst practices" that vividly illustrate some of the potholes to avoid on the road to SOA.

Portfolio of Services
It's important to lock down the interfaces to services and backend systems early in the development process. WSDL and XML schema will be your best friends when interfaces remain relatively stable and your worst enemies if they're constantly changing. Although a service-oriented approach provides the flexibility and agility that makes applications easier to change, the simplest changes will be when only the implementation of a service changes, while the interface to the service remains constant. Conversely, when the interface itself changes, the impact of that change will propagate broadly (and perhaps unpredictably) throughout your infrastructure. As a result, using coarse-grained, document-based interfaces for services will provide the most flexibility.

As mentioned, interoperability is both critical and non-trivial in a service-oriented world. We find that a governance policy requiring that services be WS-I Basic Profile–compliant (www.ws-i.org/Profiles/BasicProfile-1.0-2004-04-16.html) is a best practice. For example, key Basic Profile requirements include avoiding RPC encoding and SOAP-encoded arrays that seriously restrict interoperability.

Finally, a UDDI registry and taxonomy for organizing services is important; however, the first step is to lock down the interfaces, regardless of whether they're kept in a registry. But over time, as organizations create more services, a common directory becomes increasingly more important.

Connectivity and Messaging
The next step is to determine what protocols will be used for connecting to services. SOAP is the canonical Web Services protocol, but it's not supported yet by many current backend systems and may not be appropriate for all services. Other options include packaged adapters and flexible binding frameworks such as the Web Services Invocation Framework (WSIF), an Open Source framework owned by Apache (http://ws.apache.org/wsif/).

WSIF enables service interfaces to be described by a standard WSDL and then leverages a binding for the native protocol of the backend system. This provides a "best of both worlds" approach with the loosely coupled architecture of Web Services but also the performance and transactionality of native system protocols.

WSIF bindings are now available for many protocols including Java, EJB, XML over HTTP (for a REST-style interface), JMS, and JCA. As with most design choices, there are tradeoffs involved in this approach. A WSDL with SOAP binding will incur a performance penalty and lose any transaction monitoring capabilities that may be supported natively by the backend system, but it provides maximum interoperability. Non-SOAP WSIF bindings can improve performance and provide twophase commit transaction support, but the tradeoff is the loss of some interoperability. Tools like Oracle Application Server and Axis from Apache can support WSDLs with both SOAP and native protocol WSIF bindings, so the interface can be as flexible as possible. We anticipate that in the future, the WSIF approach will evolve into a next-generation implementation with the service component architecture (SCA) (http://otn.oracle.com/tech/webservices/standards/sca), but the concept remains the same. (see Figure 2)

Key factors to take into account when selecting connectivity protocols include requirements for performance, transactionality, scalability, quality of service, and interoperability. In the area of performance and scalability, it's critical that the final requirements be known and tested for as early in the design process as possible, because it's often only with a "performance POC" that the right decisions can be made early enough in the design and architecture process to avoid costly redesign later.

Service virtualization and logical naming become particularly important when a service's location may change or when levels of service availability, scalability, and security have to be changeable without modifying clients. In these cases, two approaches are possible - either use a dynamic registry lookup or a Web Services management technology as described later in this article. These approaches and options are typically supported by Enterprise Service Buses (ESBs) from the major technology vendors.

Process Orchestration, Workflow, and Rules
Once you know what service interfaces and protocols you will use, the next step is to define the composite applications and business processes around those services. Here we believe very strongly in the Business Process Execution Language (BPEL) standard from OASIS. BPEL lets business processes be defined in a standard format, and it has gained tremendous market traction among both vendors and end users over the past several years. There are now thousands of mission-critical BPEL processes in production across hundreds of enterprises. (see Figure 3)


More Stories By Dave Shaffer

Dave Shaffer has been helping customers use the Oracle BPEL Process Manager since 2001, managing implementation projects, providing technical training, and ensuring successful implementations. Prior to joining Oracle, Shaffer was a principal consultant at Collaxa, a managing director at Eleven Acceleration, and manager of a professional services group at Apple Computer.

Comments (2) View Comments

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Most Recent Comments
vu tuan anh 06/16/08 10:16:56 PM EDT

This is interesting article, I'd like it. Could you send me some SOA documents to my e-mail? Thanks alot.

j j 09/21/06 02:53:40 PM EDT

Service Oriented Architecture (SOA) facilitates the development of applications as modular business services that can be easily integrated, secured, and administered. Benefits of an SOA approach include more-rapid development, decreased maintenance and change management costs, and improved business visibility. However, achieving these benefits isn't automatic - although many early adopters of SOA have been able to realize its promise fully, others have struggled to find the best architecture and design patterns for this approach.

@MicroservicesExpo Stories
Colocation is a central pillar of modern enterprise infrastructure planning because it provides greater control, insight, and performance than managed platforms. In spite of the inexorable rise of the cloud, most businesses with extensive IT hardware requirements choose to host their infrastructure in colocation data centers. According to a recent IDC survey, more than half of the businesses questioned use colocation services, and the number is even higher among established businesses and busine...
For most organizations, the move to hybrid cloud is now a question of when, not if. Fully 82% of enterprises plan to have a hybrid cloud strategy this year, according to Infoholic Research. The worldwide hybrid cloud computing market is expected to grow about 34% annually over the next five years, reaching $241.13 billion by 2022. Companies are embracing hybrid cloud because of the many advantages it offers compared to relying on a single provider for all of their cloud needs. Hybrid offers bala...
@DevOpsSummit at Cloud Expo taking place Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center, Santa Clara, CA, is co-located with the 21st International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is ...
"We are a monitoring company. We work with Salesforce, BBC, and quite a few other big logos. We basically provide monitoring for them, structure for their cloud services and we fit into the DevOps world" explained David Gildeh, Co-founder and CEO of Outlyer, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
For organizations that have amassed large sums of software complexity, taking a microservices approach is the first step toward DevOps and continuous improvement / development. Integrating system-level analysis with microservices makes it easier to change and add functionality to applications at any time without the increase of risk. Before you start big transformation projects or a cloud migration, make sure these changes won’t take down your entire organization.
"When we talk about cloud without compromise what we're talking about is that when people think about 'I need the flexibility of the cloud' - it's the ability to create applications and run them in a cloud environment that's far more flexible,” explained Matthew Finnie, CTO of Interoute, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Microservices are increasingly used in the development world as developers work to create larger, more complex applications that are better developed and managed as a combination of smaller services that work cohesively together for larger, application-wide functionality. Tools such as Service Fabric are rising to meet the need to think about and build apps using a piece-by-piece methodology that is, frankly, less mind-boggling than considering the whole of the application at once. Today, we'll ...
What's the role of an IT self-service portal when you get to continuous delivery and Infrastructure as Code? This general session showed how to create the continuous delivery culture and eight accelerators for leading the change. Don Demcsak is a DevOps and Cloud Native Modernization Principal for Dell EMC based out of New Jersey. He is a former, long time, Microsoft Most Valuable Professional, specializing in building and architecting Application Delivery Pipelines for hybrid legacy, and cloud ...
21st International Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Me...
Cloud Expo, Inc. has announced today that Andi Mann and Aruna Ravichandran have been named Co-Chairs of @DevOpsSummit at Cloud Expo Silicon Valley which will take place Oct. 31-Nov. 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. "DevOps is at the intersection of technology and business-optimizing tools, organizations and processes to bring measurable improvements in productivity and profitability," said Aruna Ravichandran, vice president, DevOps product and solutions marketing...
In his session at Cloud Expo, Alan Winters, an entertainment executive/TV producer turned serial entrepreneur, presented a success story of an entrepreneur who has both suffered through and benefited from offshore development across multiple businesses: The smart choice, or how to select the right offshore development partner Warning signs, or how to minimize chances of making the wrong choice Collaboration, or how to establish the most effective work processes Budget control, or how to ma...
SYS-CON Events announced today that CA Technologies has been named "Platinum Sponsor" of SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business - from apparel to energy - is being rewritten by software. From planning to development to management to security, CA creates software that fuels transformation for companies in the applic...
There's a lot to gain from cloud computing, but success requires a thoughtful and enterprise focused approach. Cloud computing decouples data and information from the infrastructure on which it lies. A process that is a LOT more involved than dragging some folders from your desktop to a shared drive. Cloud computing as a mission transformation activity, not a technological one. As an organization moves from local information hosting to the cloud, one of the most important challenges is addressi...
In the decade following his article, cloud computing further cemented Carr’s perspective. Compute, storage, and network resources have become simple utilities, available at the proverbial turn of the faucet. The value they provide is immense, but the cloud playing field is amazingly level. Carr’s quote above presaged the cloud to a T. Today, however, we’re in the digital era. Mark Andreesen’s ‘software is eating the world’ prognostication is coming to pass, as enterprises realize they must be...
Hybrid IT is today’s reality, and while its implementation may seem daunting at times, more and more organizations are migrating to the cloud. In fact, according to SolarWinds 2017 IT Trends Index: Portrait of a Hybrid IT Organization 95 percent of organizations have migrated crucial applications to the cloud in the past year. As such, it’s in every IT professional’s best interest to know what to expect.
Both SaaS vendors and SaaS buyers are going “all-in” to hyperscale IaaS platforms such as AWS, which is disrupting the SaaS value proposition. Why should the enterprise SaaS consumer pay for the SaaS service if their data is resident in adjacent AWS S3 buckets? If both SaaS sellers and buyers are using the same cloud tools, automation and pay-per-transaction model offered by IaaS platforms, then why not host the “shrink-wrapped” software in the customers’ cloud? Further, serverless computing, cl...
A common misconception about the cloud is that one size fits all. Companies expecting to run all of their operations using one cloud solution or service must realize that doing so is akin to forcing the totality of their business functionality into a straightjacket. Unlocking the full potential of the cloud means embracing the multi-cloud future where businesses use their own cloud, and/or clouds from different vendors, to support separate functions or product groups. There is no single cloud so...
The taxi industry never saw Uber coming. Startups are a threat to incumbents like never before, and a major enabler for startups is that they are instantly “cloud ready.” If innovation moves at the pace of IT, then your company is in trouble. Why? Because your data center will not keep up with frenetic pace AWS, Microsoft and Google are rolling out new capabilities. In his session at 20th Cloud Expo, Don Browning, VP of Cloud Architecture at Turner, posited that disruption is inevitable for comp...
Companies have always been concerned that traditional enterprise software is slow and complex to install, often disrupting critical and time-sensitive operations during roll-out. With the growing need to integrate new digital technologies into the enterprise to transform business processes, this concern has become even more pressing. A 2016 Panorama Consulting Solutions study revealed that enterprise resource planning (ERP) projects took an average of 21 months to install, with 57 percent of th...
In 2014, Amazon announced a new form of compute called Lambda. We didn't know it at the time, but this represented a fundamental shift in what we expect from cloud computing. Now, all of the major cloud computing vendors want to take part in this disruptive technology. In his session at 20th Cloud Expo, Doug Vanderweide, an instructor at Linux Academy, discussed why major players like AWS, Microsoft Azure, IBM Bluemix, and Google Cloud Platform are all trying to sidestep VMs and containers wit...