Welcome!

Microservices Expo Authors: Pat Romanski, Liz McMillan, Elizabeth White, Yeshim Deniz, Zakia Bouachraoui

Related Topics: Microservices Expo

Microservices Expo: Article

Best Practices for Building SOA Applications

Seven Steps to SOA Adoption Part One: Publish and Orchestrate

Service Oriented Architecture (SOA) facilitates the development of applications as modular business services that can be easily integrated, secured, and administered. Benefits of an SOA approach include more-rapid development, decreased maintenance and change management costs, and improved business visibility. However, achieving these benefits isn't automatic - although many early adopters of SOA have been able to realize its promise fully, others have struggled to find the best architecture and design patterns for this approach.

The SOA model is about asynchronous, loosely coupled, stateless interactions through the use of standard component interfaces and architectures. However, it's often not obvious how this approach should be combined with traditional development practices and patterns such as model-view-controller (MVC) and synchronous and transactional Java or C/C++/C# coding. Likewise, the area of testing is one in which the flexibility of a loosely coupled architecture introduces new complexities (See Figure 1).

This article is the first of a two-part series that will outline the best practices and pitfalls that are starting to emerge for SOA, based on real-world customer implementation experiences. With this series, we hope to enable organizations to consider a few of these concerns earlier in the design process, thereby building on the successes of their predecessors and avoiding some of the mistakes.

Challenges to SOA Adoption
Adopting a SOA involves more than just technology. Organizational issues play a major factor in the success of SOA initiatives. These factors include retraining, business and IT decision-making processes, governance and security. These are always issues whenever a new technology or architecture emerges; however, SOA has unique characteristics that amplify some of these complexities. For example, security has always been important, but a distributed SOA means that more information will be passing over a network as compared with a tightly coupled architecture.

It also means that teams and departments may become more interdependent on each other. If a group is building a risk analysis engine for a development project, that cost is going to be budgeted in that project. But the extra effort of making it a generic service, and publishing, maintaining, and securing it so that other applications can make effective use of it will incur additional development cost and must be explicitly supported by the organization as a whole. Incentives and oversight/governance need to be put in place at the broadest levels possible for a SOA to be more than just an implementation approach for individual projects.

At a purely technical level, developers must approach SOA projects with a different mindset than they have for tightly coupled implementations. Learning to identify the appropriate level of granularity for a service, determining what should be coded in languages like BPEL versus what should be in Java, and becoming comfortable with a new set of design patterns will take some time. Organizations embarking on their first SOA implementations should plan for a certain amount of exploration and refactoring in their schedules. Also, just because SOA and these new standards provide IT with a shiny new hammer doesn't mean that all projects are nails. We've often seen new tools, such as Web Services, asynchronous interfaces, and process languages like BPEL, over-generalized and used for problems they weren't suited for. For example, while we are strong proponents of BPEL, there are things that it isn't appropriate for, such as UI orchestration and highly computational business logic.

Three areas where we've seen companies encounter difficulties when adopting SOA are interoperability, testing, and performance. The nature of the service-oriented world is that it makes interoperability more difficult and more important than it is with traditional three-tier architectures. A major value of a loosely coupled standard service interface model like WSDL is that clients of a service don't need to know what technology is used to implement the service (and vice versa). But this makes for a combinational explosion when testing for interoperability. Similarly, testing SOA applications that interact with many external services is a significant challenge. Troubleshooting and performance tuning are also more complex due to the many different layers that may be involved in a single process or application.

However, all is not lost. If you haven't been scared away from SOA yet, we'll explain how some of the best practices that are starting to emerge for SOA adoption can help address these challenges. These best practices come from working closely with many customers in their initial SOA implementations and have been learned as much from problems and errors ("worst practices") as from successes.

Seven Steps to SOA Adoption
We see the following as the key steps to effective SOA adoption:

  1. ) Create a portfolio of services
  2. ) Define connectivity and messaging interfaces
  3. ) Process orchestration, workflow, and rules
  4. ) Rich user interfaces
  5. ) Business activity monitoring
  6. ) Security and management
  7. ) Performance and scalability
We recommend that you not approach these steps in a sequential order. For example, it's very risky to consider performance only at the end of a project, at which point design decisions that affect scalability can be very difficult to change. The best way to use these steps is to apply them all to a thin slice of a project and then iterate through rapidly expanding prototypes as additional functionality is added.

In this article we'll describe the first three steps. Next month we'll look at the second set of steps in detail as well as some "worst practices" that vividly illustrate some of the potholes to avoid on the road to SOA.

Portfolio of Services
It's important to lock down the interfaces to services and backend systems early in the development process. WSDL and XML schema will be your best friends when interfaces remain relatively stable and your worst enemies if they're constantly changing. Although a service-oriented approach provides the flexibility and agility that makes applications easier to change, the simplest changes will be when only the implementation of a service changes, while the interface to the service remains constant. Conversely, when the interface itself changes, the impact of that change will propagate broadly (and perhaps unpredictably) throughout your infrastructure. As a result, using coarse-grained, document-based interfaces for services will provide the most flexibility.

As mentioned, interoperability is both critical and non-trivial in a service-oriented world. We find that a governance policy requiring that services be WS-I Basic Profile–compliant (www.ws-i.org/Profiles/BasicProfile-1.0-2004-04-16.html) is a best practice. For example, key Basic Profile requirements include avoiding RPC encoding and SOAP-encoded arrays that seriously restrict interoperability.

Finally, a UDDI registry and taxonomy for organizing services is important; however, the first step is to lock down the interfaces, regardless of whether they're kept in a registry. But over time, as organizations create more services, a common directory becomes increasingly more important.

Connectivity and Messaging
The next step is to determine what protocols will be used for connecting to services. SOAP is the canonical Web Services protocol, but it's not supported yet by many current backend systems and may not be appropriate for all services. Other options include packaged adapters and flexible binding frameworks such as the Web Services Invocation Framework (WSIF), an Open Source framework owned by Apache (http://ws.apache.org/wsif/).

WSIF enables service interfaces to be described by a standard WSDL and then leverages a binding for the native protocol of the backend system. This provides a "best of both worlds" approach with the loosely coupled architecture of Web Services but also the performance and transactionality of native system protocols.

WSIF bindings are now available for many protocols including Java, EJB, XML over HTTP (for a REST-style interface), JMS, and JCA. As with most design choices, there are tradeoffs involved in this approach. A WSDL with SOAP binding will incur a performance penalty and lose any transaction monitoring capabilities that may be supported natively by the backend system, but it provides maximum interoperability. Non-SOAP WSIF bindings can improve performance and provide twophase commit transaction support, but the tradeoff is the loss of some interoperability. Tools like Oracle Application Server and Axis from Apache can support WSDLs with both SOAP and native protocol WSIF bindings, so the interface can be as flexible as possible. We anticipate that in the future, the WSIF approach will evolve into a next-generation implementation with the service component architecture (SCA) (http://otn.oracle.com/tech/webservices/standards/sca), but the concept remains the same. (see Figure 2)

Key factors to take into account when selecting connectivity protocols include requirements for performance, transactionality, scalability, quality of service, and interoperability. In the area of performance and scalability, it's critical that the final requirements be known and tested for as early in the design process as possible, because it's often only with a "performance POC" that the right decisions can be made early enough in the design and architecture process to avoid costly redesign later.

Service virtualization and logical naming become particularly important when a service's location may change or when levels of service availability, scalability, and security have to be changeable without modifying clients. In these cases, two approaches are possible - either use a dynamic registry lookup or a Web Services management technology as described later in this article. These approaches and options are typically supported by Enterprise Service Buses (ESBs) from the major technology vendors.

Process Orchestration, Workflow, and Rules
Once you know what service interfaces and protocols you will use, the next step is to define the composite applications and business processes around those services. Here we believe very strongly in the Business Process Execution Language (BPEL) standard from OASIS. BPEL lets business processes be defined in a standard format, and it has gained tremendous market traction among both vendors and end users over the past several years. There are now thousands of mission-critical BPEL processes in production across hundreds of enterprises. (see Figure 3)


More Stories By Dave Shaffer

Dave Shaffer has been helping customers use the Oracle BPEL Process Manager since 2001, managing implementation projects, providing technical training, and ensuring successful implementations. Prior to joining Oracle, Shaffer was a principal consultant at Collaxa, a managing director at Eleven Acceleration, and manager of a professional services group at Apple Computer.

Comments (2) View Comments

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Most Recent Comments
vu tuan anh 06/16/08 10:16:56 PM EDT

This is interesting article, I'd like it. Could you send me some SOA documents to my e-mail? Thanks alot.

j j 09/21/06 02:53:40 PM EDT

Service Oriented Architecture (SOA) facilitates the development of applications as modular business services that can be easily integrated, secured, and administered. Benefits of an SOA approach include more-rapid development, decreased maintenance and change management costs, and improved business visibility. However, achieving these benefits isn't automatic - although many early adopters of SOA have been able to realize its promise fully, others have struggled to find the best architecture and design patterns for this approach.

Microservices Articles
Lori MacVittie is a subject matter expert on emerging technology responsible for outbound evangelism across F5's entire product suite. MacVittie has extensive development and technical architecture experience in both high-tech and enterprise organizations, in addition to network and systems administration expertise. Prior to joining F5, MacVittie was an award-winning technology editor at Network Computing Magazine where she evaluated and tested application-focused technologies including app secu...
Using new techniques of information modeling, indexing, and processing, new cloud-based systems can support cloud-based workloads previously not possible for high-throughput insurance, banking, and case-based applications. In his session at 18th Cloud Expo, John Newton, CTO, Founder and Chairman of Alfresco, described how to scale cloud-based content management repositories to store, manage, and retrieve billions of documents and related information with fast and linear scalability. He addresse...
Adding public cloud resources to an existing application can be a daunting process. The tools that you currently use to manage the software and hardware outside the cloud aren’t always the best tools to efficiently grow into the cloud. All of the major configuration management tools have cloud orchestration plugins that can be leveraged, but there are also cloud-native tools that can dramatically improve the efficiency of managing your application lifecycle. In his session at 18th Cloud Expo, ...
The now mainstream platform changes stemming from the first Internet boom brought many changes but didn’t really change the basic relationship between servers and the applications running on them. In fact, that was sort of the point. In his session at 18th Cloud Expo, Gordon Haff, senior cloud strategy marketing and evangelism manager at Red Hat, will discuss how today’s workloads require a new model and a new platform for development and execution. The platform must handle a wide range of rec...
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal, or multiple cloud provider environments. Yet, despite this portability promise, developers may include configuration and application definitions that constrain or even eliminate application portability. In this session we'll describe best practices for "configuration as code" in a Kubernetes environment. We will demonstrate how a properly constructed containerized app can be deployed to both Amazon and Azure ...
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY. DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.
Discussions of cloud computing have evolved in recent years from a focus on specific types of cloud, to a world of hybrid cloud, and to a world dominated by the APIs that make today's multi-cloud environments and hybrid clouds possible. In this Power Panel at 17th Cloud Expo, moderated by Conference Chair Roger Strukhoff, panelists addressed the importance of customers being able to use the specific technologies they need, through environments and ecosystems that expose their APIs to make true ...
In his keynote at 19th Cloud Expo, Sheng Liang, co-founder and CEO of Rancher Labs, discussed the technological advances and new business opportunities created by the rapid adoption of containers. With the success of Amazon Web Services (AWS) and various open source technologies used to build private clouds, cloud computing has become an essential component of IT strategy. However, users continue to face challenges in implementing clouds, as older technologies evolve and newer ones like Docker c...
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
DevOpsSummit New York 2018, colocated with CloudEXPO | DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City. Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term.