Monday, September 12, 2011

SOA & Business: Thoughts from a Pro

Most developers and architects today understand the fundamentals of SOA. SOA concepts and related technologies such as WS-* have been around for several years now and they are not exactly the new kids in town. But it's surprising to see that many business organizations are still not harnessing the true power and potential of SOA. SOA can help make a business more agile and flexible to change while reducing lot of development and maintenance overheads. It can also address many IT management problems by implanting proper SOA governance practices and processes within an organization. So then why many organizations have yet failed to realize these goals with SOA?
While many companies have been struggling to implement proper SOA, eBay, the world's largest on-line market place, has done wonders with it. Most of eBay's IT infrastructure is based on SOA principles. They have also developed a fantastic SOA platform called eBay Turmeric, which they open sourced a few months ago (this framework uses WSO2 Governance Registry inside). Sastri Malladi, who is a distinguished architect at eBay has been a driving force behind these SOA adoption efforts. In a couple of days time he's going to deliver a keynote speech titled "Service Orientation - Why is it good for business?" at WSO2Con. If you are wondering why business organizations should consider SOA or why they are failing to implement proper SOA, this is the session to attend. I'm sure it's going to be a very exciting session.

Saturday, September 10, 2011

SOA & Security: Keeping the Evil Away

SOA is about opening up. Instead of writing tightly coupled code, you implement your business logic and data access logic as reusable services which can be accessed over a network. Applications, clients and other stakeholders consume these services in varying manners to interact with your business. But more data and business logic you open up, more insecure and vulnerable you organization becomes to various types of attacks. Therefore you need to think about the security aspects of your SOA deployment right from the beginning. Security should be an integrated part of your solution and not a patched up layer that lives elsewhere. We all know what happens to systems with poorly designed security aspects. Need I remind you the well known case of Cablegate?
Fortunately for developers and architects, there are tons of security mechanisms and technologies out there. However selecting the right set of security technologies is usually a quite cumbersome task. You need to carefully weigh in many factors including level of security required, performance, hardware availability and user experience. You should also take into account the strengths and weaknesses of each security mechanism before deploying any of them in your organization.
Prabath Siriwardena, one of our security Gurus, is preparing to deliver a speech titled “Security in Practice” next week at WSO2Con. He will be explaining some of the above mentioned challenges associated with SOA security and how to overcome them using widely accepted security technologies such as WS-Security, WS-Trust, SAML, XACML, OpenID and OAuth. Prabath will discuss each of these technologies in detail, while exploring the pros and cons of each approach. If you are looking to develop a system based on SOA or just looking around to learn the security best practices in the industry, this is the session to attend. So don’t miss this opportunity of a lifetime.

Thursday, September 8, 2011

SOA & ESB: Food for Thought

With the immense popularity of Web Services and SOA, the term "Enterprise Service Bus" has become a well known technical buzz word. Many people consider Enterprise Service Bus (ESB) to be a magic wand by which any problem in enterprise integration and SOA can be solved at a whim. But what is the real technical definition of ESB? What are the problems it's supposed to solve? What are the fundamental services and facilities provided by an ESB? What are its limitations and what are the problems it's not supposed to solve? Many people don't really know the answers to these important questions and end up using the wrong tool to solve the wrong problem.
Some people consider ESB as a shortcut to implementing SOA. And why not? Most ESB solutions out their (including our own WSO2 ESB) provide excellent support for SOAP, WSDL and a plethora of other WS-* standards. But does adding an ESB into a solution architecture really bring any SOA aspects into it? On the other hand is it possible to implement a SOA without using an ESB? Food for thought...
Now don't get me wrong. ESB is a fantastic piece of technology. The number of problems it can solve and the number of use cases it can support is mind boggling. Having worked with a number of customers in the past, I've learnt that regardless of the application of SOA principles, it's almost impossible to implement a useful integration solution without an ESB. However as developers and architects we must have a good understanding of what an ESB is and what it is capable of so we can put the ESB technology to use in a more effective manner. Knowing the answers to above questions will help us make better choices when planning out an integration project and selecting middleware for a solution implementation.
I'm going to make an attempt at answering some of the above mentioned questions in my WSO2Con talk scheduled for next Tuesday. It would be interesting to listen to the feedback other developers and architects in the audience have to offer regarding these all important issues. So if you're keen on learning the fundamentals of enterprise integration and ESB feel free to drop in to my talk titled "ESB: The Swiss Army Knife of SOA". If you're not interested in this particular topic, please do join us at WSO2Con anyway. We have 20+ other professionals lined up to deliver some amazing tech talks. I'm sure you will find it interesting and useful.

Wednesday, September 7, 2011

WSO2Con 2011... An Event Not to Miss

WSO2Con 2011 is happening next week at Colombo. It's going to be a parade of tech talks conducted by 20+ brilliant speakers from all around the world. WSO2 also has plenty of tutorials, hands-on technical sessions and entertainment items planned for the attendees. This is definitely not an event to miss.