|By Tieu Luu||
|February 16, 2009 11:00 AM EST||
In May of 2003, the CIO of the Department of Defense established the Net-Centric Data Strategy [NCDS] as part of its transformation to Net-Centricity. The DoD's goal of Net-Centricity is the creation of a network of people, processes, systems, and infrastructure that enables a new approach to warfighting and business operations with improved military situational awareness, better access to business information, and dramatically shortened decision cycles. The Net-Centric Data Strategy addresses the key element that is required to make all this happen—information-sharing. Its main tenets are to make all data within the DoD visible, accessible, and understandable so that warfighters and civilian personnel have timely access to the information that they need to effectively accomplish their mission.
Since then, many programs within the DoD have embarked on the journey of making their systems more “net-centric" by applying principles of service-oriented architectures and using web service technologies to expose and share the data within those systems. As with many large enterprises, the DoD has adopted the SOAP WS-* approach to create web services. WS-* refers to the myriad of web service standards and specifications such as WS-Security, WS-Notification, WS-Policy, etc. The DoD is a large and complex organization with unique requirements, especially in the area of security, that require the use of many of these WS-* standards and specifications.
Although the DoD has had some initial successes using SOAP and WS-*, the popularity and success that is seen on the Web with the REST approach to web services should not be ignored. For example, the REST-based services of Amazon.com, one of the best-known examples of successful web services implementations in the commercial world, are much more widely used than its SOAP-based services. The popularity and success of REST has been so widespread that even Microsoft, one of the originators and primary supporters of WSDL, SOAP, and many of the WS-* specifications, has not been able to ignore it. In its latest version of .NET, Microsoft has added the ADO.NET Data Services that provide a framework for the creation and consumption of RESTful data services for the web. Given this growing popularity and support for REST, the DoD would be remiss if it did not consider REST in its implementation of the Net-Centric Data Strategy.
The purpose of this article is not to argue whether or not REST is a better approach than SOAP and WS-*, but to examine the principles of REST and how they align with the objectives and tenets of the DoD's Net-Centric Data Strategy. This examination will reveal areas where the DoD may be able to use REST in conjunction with its current approach to achieve a more effective implementation of the Net-Centric Data Strategy.
Principles of REST
REST is an acronym for Representational State Transfer, a term introduced by Roy Fielding in his dissertation [FIELDING] to describe the architectural style of the Web. Fielding was one of the key authors of HTTP and other Web standards and applied REST in the design of those standards. The REST style is based on a client-server architecture that emphasizes a high level of abstraction, scalability, and maximum interoperability. In recent years, the REST style has been increasingly used in the design and implementation of web services. In the REST style, services are modeled as a set of resources and clients interact with the services by transferring representations that capture the state of those resources. The objectives of the REST style are achieved through four key constraints that are applied against the architecture:
Uniform Interface - this is one of the most distinguishing and important features of REST. This constraint requires all resources to expose the same interface. The benefit of this is the simplicity and interoperability that is achieved through a single interface for all interactions.
Self-Descriptive Messages—this means that recipients should be able to understand a message using only the information contained in that message. To achieve this, messages should be based on standard media types and contain all the necessary metadata to describe them.
Addressable Resources—every resource should be assigned an identifier based on a universal syntax that makes the resource uniquely addressable. For example, on the Web, every resource is assigned a URI so that it can be referenced and accessed.
Hypermedia as the Engine of Application State—the representations of resources should contains paths (or links) to other related resources.Others have referred to this simply as the principle of “connectedness”—resources are connected to other relevant resources through links in their representations [RICHARDSON RUBY].
REST and Net-Centricity
A close examination of the Net-Centric Data Strategy reveals that REST principles are aligned to the net-centricity objectives of the DoD. The main tenets that are espoused by the Net-Centric Data Strategy are to make data visible, accessible, and understandable to both anticipated and unanticipated users. At first glance, these may seem simple and perhaps even trivial. However, the complexity lies in the scale in which the DoD is trying to achieve this. This is in many ways analogous to what the Web was trying to achieve. Tim Berners-Lee once wrote that “the goal of the Web was to be a shared information space through which people and machines could communicate” [WWW PPF]. The notion of a shared space is also central to the Net-Centric Data Strategy, which describes it as an area where users and applications post all data assets so that they can be shared by the DoD enterprise. Given the similarities, it is natural that REST being the architectural style of the Web will offer some key principles and guidelines that are applicable to the DoD’s implementation of the Net-Centric Data Strategy. To understand the synergies between REST and the Net-Centric Data Strategy, it is helpful to see how REST principles support each of the core tenets.
“Make Data Visible, …”
Making data visible means that users and applications (consumers of the data) can discover the existence of that data. Applying the REST principle of addressable resources means that every piece of data that is be exposed and shared would have an URI that allows that data to be indexed by search engines, registered in some catalog or registry or simply passed around through email—all of which enable that data to be discovered. The other principle supporting the visibility tenet is hypermedia as the engine of application state. As described earlier, this principle states that the representations of resources should contain links (URIs) to other relevant resources. Thus, from one piece of data, the user can discover other relevant data through the links that are present. The significance of this to information-sharing is important and will be discussed more later.
Once the data is discovered, in order to use that data, the consumer must be able to access it. The REST principle that supports the accessibility tenet is also the principle of addressable resources. Going back to the notion of a shared space for data, when a resource or a piece of data is assigned an URI, it has an address in that space. When something has an address, others will know how to get to it, or in other words it can be accessed. With the address available, the consumer can now use the protocol of the shared space to retrieve the data. If the shared space supports the principle of uniform interfaces, then all resources expose the same interface for access so any consumer will know how to access any resource. Thus, the uniform interface enables ubiquitous access to data.
Finally, once the consumer has discovered and accessed the data, it needs to be able to understand it in order to use it. The REST principle of self-descriptive messages helps to make data understandable. According to this principle, all messages (or in this case data) should be based on standard representation formats and contain the necessary metadata to describe the content. Constraining data to be based on standard formats ensures that it is understandable by a broad audience. Requiring every message to contain metadata ensures that consumers know which standard formats are being used to represent the data. In addition to the syntactic agreement enabled by self-descriptive messages, REST also enhances understandability by allowing data to be presented with links to other related data. This is enabled by the principles of addressable resources and hypermedia as the engine of application state—this was alluded to earlier in the discussion on the data visibility tenet. Applying the first principle, every piece of data that is exposed and shared would have an URI assigned to it. Next, following the principle of hypermedia as the engine of application state, these URIs can then be used to allow those individual pieces of data that are related to reference or link to each other. These links create a context around every piece of data that is shared, which enables a more accurate understanding of that data.
“Supporting the Unanticipated User…”
To implement the data strategy, communities of interest (COIs) across the DoD coalesce around logical families of data and design services to enable the sharing of that data. However, the strategy calls for data to be made visible, accessible, and understandable to both anticipated and unanticipated users. So that begs the question—how does one design a service for users that have not yet been anticipated? And conversely, how will a user that was not anticipated understand how to use a service it has just discovered? With regards to supporting the unanticipated user, no other system has done this better than the Web. In fact, that is the main objective of the Web—to make data available so that any user who is interested can access and use it. Primarily, it is the principle of uniform interfaces that has allowed the Web to so successfully support the model of unanticipated usage. Applying this principle means that all users, anticipated or not, interact with a service through the same interface. Thus, nothing special is required to design the service so that it can support the unanticipated user (at least from the interface design perspective). In addition to a service exposing the same interface for all users, all services also expose the same interface. Because all services expose the same interface, a user will know how to utilize a new service that it has just discovered based on past usage of other services. In other words, a user only needs to learn how to interact with one interface since all services expose that same interface. Some may argue that it is not practical or perhaps even possible for all services to expose the same interface. This is in fact one of the most highly debated issues between those in the REST camp and those in the SOAP WS-* camp. However, most people from both camps will agree that the uniform interface works well for scenarios in which data needs to be exposed through a web service that primarily provides read access. These scenarios represent a majority of the current efforts in the DoD’s implementation of the Net-Centric Data Strategy.
The Need for Both Approaches
Because of the size and complexity of its environment, there is no one-size-fits-all approach that can readily support all the requirements and constraints of the DoD. There are scenarios in which the SOAP WS-* approach is more applicable and others in which the RESTful approach is more applicable.
The SOAP WS-* approach provides a broad set of standards and specifications for quality of service features and also gives developers a lot of flexibility to define custom interfaces for the services that they wish to expose. This flexibility is useful for application-to-application integration scenarios internal to an organization. This is also useful in scenarios in which legacy applications need to be exposed to the rest of the enterprise. In either of these scenarios, the existing applications often constrain how the services may be exposed, so the flexibility to design service interfaces that can adapt to these constraints is important. Additionally, in these scenarios the services are often providing complex functionality and processes that may be difficult to model in a resource-oriented manner with uniform interfaces. It is also these types of scenarios that typically require many of the complex quality of service features that the SOAP WS-* approach has broad support for. Finally, these types of scenarios are more commonly found inside a single organization and less so across organizational boundaries. The SOAP WS-* approach typically results in large number of custom interfaces, but when this is occurring within a single organization, they are a lot easier to control and maintain than in scenarios where there are many organizations that are dependent on those interfaces.
The RESTful approach on the other hand, is very attractive for those large scale integration scenarios that cross many organizational boundaries. This is because the constraints imposed by the REST principles emphasize interoperability and scalability. The constraint of uniform interfaces supports those scenarios in which the consumer base for the services is so broad that it makes it difficult to create and maintain a large set of custom interfaces. In such cases, it makes more sense to apply a design in which a single interface can support all the required interactions. Unfortunately, modeling everything as a set of resources that are all exposed through a uniform interface is not always easy. Developers are accustomed to designing a specific interface for each piece of functionality or data that they wish to expose; forcing them to always use a uniform interface is antithetical to this. However, scenarios in which services are just providing access to data can easily support the uniform interface constraint.This is because any kind of data can be manipulated through the same set of create, read, update, and delete operations. Thus, scenarios in which it is primarily data that needs to be shared through web services make REST an easy choice.
This article has shown the synergies that exist between REST and the core tenets of the DoD’s Net-Centric Data Strategy, as well as the benefits to be gained from applying REST principles in the implementation of that strategy. Table 1 summarizes those synergies and benefits.
Alignment with Net-Centric Data Strategy
Hypermedia as the Engine of
Table 1: Summary of synergies between REST and Net-Centric Data Strategy
As stated in the introduction, the purpose of this article was not to argue whether or not REST is a better approach than SOAP and WS-* in the implementation of the Net-Centric Data Strategy. Instead, the intent here was to highlight the synergies and benefits of REST so that those responsible for implementation may open their eyes to an alternative approach that may be more effective in certain scenarios. It is hoped that after reading this article, they will consider a RESTful approach to Net-Centricity when they encounter those scenarios.
[FIELDING] Fielding, Roy Thomas. “Architectural Styles and the Design of Network-based Software Architectures”. Doctoral dissertation,
[NCDS] Department of Defense, Chief Information Officer. “Department of Defense Net-Centric Data Strategy.” May 9, 2003. http://www.defenselink.mil/cio-nii/docs/Net-Centric-Data-Strategy-2003-05-092.pdf
[WWW PPF] Berners-Lee, Tim. “The World Wide Web: Past, Present, Future.” August 1996. http://www.w3.org/People/Berners-Lee/1996/ppf.html
Whether you like it or not, DevOps is on track for a remarkable alliance with security. The SEC didn’t approve the merger. And your boss hasn’t heard anything about it. Yet, this unruly triumvirate will soon dominate and deliver DevSecOps faster, cheaper, better, and on an unprecedented scale. In his session at DevOps Summit, Frank Bunger, VP of Customer Success at ScriptRock, will discuss how this cathartic moment will propel the DevOps movement from such stuff as dreams are made on to a prac...
Aug. 30, 2015 01:00 AM EDT Reads: 202
It’s been proven time and time again that in tech, diversity drives greater innovation, better team productivity and greater profits and market share. So what can we do in our DevOps teams to embrace diversity and help transform the culture of development and operations into a true “DevOps” team? In her session at DevOps Summit, Stefana Muller, Director, Product Management – Continuous Delivery at CA Technologies, answered that question citing examples, showing how to create opportunities for ...
Aug. 30, 2015 01:00 AM EDT Reads: 466
SYS-CON Events announced today that DataClear Inc. will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. The DataClear ‘BlackBox’ is the only solution that moves your PC, browsing and data out of the United States and away from prying (and spying) eyes. Its solution automatically builds you a clean, on-demand, virus free, new virtual cloud based PC outside of the United States, and wipes it clean...
Aug. 29, 2015 07:15 PM EDT Reads: 366
In his session at 17th Cloud Expo, Ernest Mueller, Product Manager at Idera, will explain the best practices and lessons learned for tracking and optimizing costs while delivering a cloud-hosted service. He will describe a DevOps approach where the applications and systems work together to track usage, model costs in a granular fashion, and make smart decisions at runtime to minimize costs. The trickier parts covered include triggering off the right metrics; balancing resilience and redundancy ...
Aug. 29, 2015 05:00 PM EDT Reads: 161
Culture is the most important ingredient of DevOps. The challenge for most organizations is defining and communicating a vision of beneficial DevOps culture for their organizations, and then facilitating the changes needed to achieve that. Often this comes down to an ability to provide true leadership. As a CIO, are your direct reports IT managers or are they IT leaders? The hard truth is that many IT managers have risen through the ranks based on their technical skills, not their leadership ab...
Aug. 29, 2015 04:00 PM EDT Reads: 319
Several years ago, I was a developer in a travel reservation aggregator. Our mission was to pull flight and hotel data from a bunch of cryptic reservation platforms, and provide it to other companies via an API library - for a fee. That was before companies like Expedia standardized such things. We started with simple methods like getFlightLeg() or addPassengerName(), each performing a small, well-understood function. But our customers wanted bigger, more encompassing services that would "do ...
Aug. 29, 2015 03:00 PM EDT Reads: 214
SYS-CON Events announced today that Pythian, a global IT services company specializing in helping companies leverage disruptive technologies to optimize revenue-generating systems, has been named “Bronze Sponsor” of SYS-CON's 17th Cloud Expo, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Founded in 1997, Pythian is a global IT services company that helps companies compete by adopting disruptive technologies such as cloud, Big Data, advance...
Aug. 29, 2015 11:00 AM EDT Reads: 247
What does “big enough” mean? It’s sometimes useful to argue by reductio ad absurdum. Hello, world doesn’t need to be broken down into smaller services. At the other extreme, building a monolithic enterprise resource planning (ERP) system is just asking for trouble: it’s too big, and it needs to be decomposed.
Aug. 29, 2015 10:00 AM EDT Reads: 334
Early in my DevOps Journey, I was introduced to a book of great significance circulating within the Web Operations industry titled The Phoenix Project. (You can read our review of Gene’s book, if interested.) Written as a novel and loosely based on many of the same principles explored in The Goal, this book has been read and referenced by many who have adopted DevOps into their continuous improvement and software delivery processes around the world. As I began planning my travel schedule last...
Aug. 29, 2015 10:00 AM EDT Reads: 507
Docker containerization is increasingly being used in production environments. How can these environments best be monitored? Monitoring Docker containers as if they are lightweight virtual machines (i.e., monitoring the host from within the container), with all the common metrics that can be captured from an operating system, is an insufficient approach. Docker containers can’t be treated as lightweight virtual machines; they must be treated as what they are: isolated processes running on hosts....
Aug. 29, 2015 10:00 AM EDT Reads: 124
SYS-CON Events announced today that G2G3 will exhibit at SYS-CON's @DevOpsSummit Silicon Valley, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Based on a collective appreciation for user experience, design, and technology, G2G3 is uniquely qualified and motivated to redefine how organizations and people engage in an increasingly digital world.
Aug. 29, 2015 09:30 AM EDT Reads: 435
SYS-CON Events announced today that HPM Networks will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. For 20 years, HPM Networks has been integrating technology solutions that solve complex business challenges. HPM Networks has designed solutions for both SMB and enterprise customers throughout the San Francisco Bay Area.
Aug. 29, 2015 09:30 AM EDT Reads: 854
Introducing Containers & Microservices Bootcamp at @CloudExpo Silicon Valley | #Containers #Microservices
SYS-CON Events announced today the Containers & Microservices Bootcamp, being held November 3-4, 2015, in conjunction with 17th Cloud Expo, @ThingsExpo, and @DevOpsSummit at the Santa Clara Convention Center in Santa Clara, CA. This is your chance to get started with the latest technology in the industry. Combined with real-world scenarios and use cases, the Containers and Microservices Bootcamp, led by Janakiram MSV, a Microsoft Regional Director, will include presentations as well as hands-on...
Aug. 29, 2015 09:15 AM EDT Reads: 240
The pricing of tools or licenses for log aggregation can have a significant effect on organizational culture and the collaboration between Dev and Ops teams. Modern tools for log aggregation (of which Logentries is one example) can be hugely enabling for DevOps approaches to building and operating business-critical software systems. However, the pricing of an aggregated logging solution can affect the adoption of modern logging techniques, as well as organizational capabilities and cross-team ...
Aug. 29, 2015 08:30 AM EDT Reads: 366
In today's digital world, change is the one constant. Disruptive innovations like cloud, mobility, social media, and the Internet of Things have reshaped the market and set new standards in customer expectations. To remain competitive, businesses must tap the potential of emerging technologies and markets through the rapid release of new products and services. However, the rigid and siloed structures of traditional IT platforms and processes are slowing them down – resulting in lengthy delivery ...
Aug. 29, 2015 07:45 AM EDT Reads: 557
Skeuomorphism usually means retaining existing design cues in something new that doesn’t actually need them. However, the concept of skeuomorphism can be thought of as relating more broadly to applying existing patterns to new technologies that, in fact, cry out for new approaches. In his session at DevOps Summit, Gordon Haff, Senior Cloud Strategy Marketing and Evangelism Manager at Red Hat, discussed why containers should be paired with new architectural practices such as microservices rathe...
Aug. 29, 2015 06:00 AM EDT Reads: 379
Any Ops team trying to support a company in today’s cloud-connected world knows that a new way of thinking is required – one just as dramatic than the shift from Ops to DevOps. The diversity of modern operations requires teams to focus their impact on breadth vs. depth. In his session at DevOps Summit, Adam Serediuk, Director of Operations at xMatters, Inc., will discuss the strategic requirements of evolving from Ops to DevOps, and why modern Operations has begun leveraging the “NoOps” approa...
Aug. 29, 2015 05:30 AM EDT Reads: 350
Puppet Labs has announced the next major update to its flagship product: Puppet Enterprise 2015.2. This release includes new features providing DevOps teams with clarity, simplicity and additional management capabilities, including an all-new user interface, an interactive graph for visualizing infrastructure code, a new unified agent and broader infrastructure support.
Aug. 29, 2015 03:00 AM EDT Reads: 482
DevOps has traditionally played important roles in development and IT operations, but the practice is quickly becoming core to other business functions such as customer success, business intelligence, and marketing analytics. Modern marketers today are driven by data and rely on many different analytics tools. They need DevOps engineers in general and server log data specifically to do their jobs well. Here’s why: Server log files contain the only data that is completely full and accurate in th...
Aug. 29, 2015 12:15 AM EDT Reads: 343
The Microservices architectural pattern promises increased DevOps agility and can help enable continuous delivery of software. This session is for developers who are transforming existing applications to cloud-native applications, or creating new microservices style applications. In his session at DevOps Summit, Jim Bugwadia, CEO of Nirmata, will introduce best practices, patterns, challenges, and solutions for the development and operations of microservices style applications. He will discuss ...
Aug. 27, 2015 02:15 PM EDT Reads: 507