Introduction to Web Services Management, Page 2
Web Services requests, responses, client session-related information, various events, and so forth should be logged. These logs are used for various vital operations, such as Services Provisioning, Monitoring, Performance Evaluations, Business Trend Analysis, and so on.
Web Services monitoring is essential as a part of management functionalities. Web Services Administrators should be able to monitor various events of all the deployed Web Services. This helps the administrators analyze business trends and manage Web Services.
Web Services Provisioning is responsible for defining the system behavior in terms of its technical and business functionalities.
For example, Web Services Clients should subscribe to Web Services. Clients are authenticated and authorized based on their subscription account before they access Web Services. Then, they are billed based on their usage of the system.
Here are the building blocks of the Web Service Provisioning System:
We can look into the subscription engine from these two perspectives:
- Administrator—This is the person responsible for defining various business terms and rules for the deployed Web Services. He/She can group different Web Services under Catalogs and set rules for the same. This way, all the Web Services having similar kinds of business functionalities can have the same sets of rules. The administrator should be able to manage various users (administrators and Web Services clients) and the subscription policies for Web Services.
- Web Services Clients—These are also called the business users of Web Services. Clients should be able to enroll themselves and then browse the directory of Web Services whose access has been given by the administrator. Clients, then, can apply for the subscription of listed Web Services.
Contracts are defined for linking the Web Services Clients to the terms of service (these terms include billing and rating packages). This contract is associated with each subscription of Web Services Clients. When the clients invoke the Web Services, authentication, authorization, and identity systems match the associated contract. Web Services Clients will not have access to invoked Web Services in case of an invalid contract.
In this process, Service Level Agreement (SLA) and Quality of Service (QoS) management applications play their role.
Metering and Billing
Clients will access Web Services based on the contract they have agreed upon when they subscribed to Web Services. To bill the clients, the system should be aware of the statistics of the contract, SLA, and QoS promised to the clients. A metering application gathers this usage and session statistics and the Billing application is responsible for co-relating the above-mentioned two statistics and produces a bill to the clients. Therefore, the Contract Management and Metering application should be treated as inputs to the Billing application.
Life Cycle Management
As the name of this WSM component suggests, it manages various stages of the Web Services life cycle. These stages are development, deployment, registering, and testing. The Life Cycle Manger keeps the information of each one of these stages and presents it to WSM administrator(s). It works in synchronization with WSM Tools, which control and manage various stages of Web Services (discussed under the "Tools" section, above).
This WSM component is built on monitoring and logging components. The basic functionality it offers is to produce audit trails enabling the reconstruction and examination of a sequence of events in Web Services context. The Auditor fulfills this function by reliably and securely keeping records of security-related events. Various security event data can be obtained from the logging application. Security events could include authentication events, policy, enforcement decisions, and so forth. The resulting audit trails may be used to detect attacks, confirm compliances with policy, deter abuse, or other purposes.
Mediation functionality enables the automated composition or federation of Web Services developed by various Web Services Providers (WSP) via a registry service. This component takes care of runtime dynamic discovery, subsequent binding, and execution of Web Services, from both a technical and business perspective.
There are various events defined in the Web Services life cycle; these events can be grouped together in technical as well as business contexts. Event Manager is responsible for keeping stock of these events per Web Services basis. Various rules can also be configured using Event Manager; for example, sending alerts if any event occurs, setting thresholds for events, and so on. All event information should be able to be presented to administrator(s) for further analysis or feeding to other WSM components.
Security Manager offers and guarantees authentication, authorization, privacy, trust, integrity, confidentiality, secure communication channels, federation, delegation, and auditing across a wide variety of Web Services.
The security mechanism enables us to achieve the following goals by a process in which:
- A Web Service can mandate an incoming message proving a set of claims (name, key, permission, capability, and so forth). If a message arrives without having the required claims, the service may ignore or reject the message. We refer to the set of required claims and related information as policy.
- A requester can send messages with proof of the required claims by associating security tokens with the messages. Thus, messages both demand a specific action and prove that their sender has the claim to demand the action.
- When a requester does not have the required claims, the requester or someone on its behalf can try to obtain the necessary claims by contacting other Web Services. These other Web Services, which we refer to as security token services, may in turn require their own set of claims. Security token services broker trust between different trust domains by issuing security tokens.
This mechanism can be developed implemented by using the WS-Security specifications.
Workflow is a very prevalent concept in today's business world and it applies to Web Services as well. As we know, Web Services are software components developed to solve some particular business problem. It makes a lot more sense to design business functionalities by visualizing a flow of more than one Web Service. This flow finally solves a bigger business problem than solved by its constituting Web Services when operated in an isolated manner.
Workflow Manger fulfills the above-mentioned need. It creates, tests, and manages the logical flows of Web Services. Dynamic discovery from registries, Security, and Transactional aspects of workflow are also covered in the engine.
A Virtualization application creates and manages 'virtual' endpoints for Web Services. The virtual endpoints can be dynamically associated with 'real' endpoints to manage fail-over, provide load balancing, and concurrently manage multiple versions of Web Services.
NOTE: As the readers must have noticed, some functionalities are covered in more than one WSM component. Actually, this is because some of the WSM components (Security, Life Cycle Manager, and so forth) have vast scope and their requirements overlap the need of relatively small WSM components (Auditor, Monitor, Logger, and so on).
Web Services Management Platform vendors should carefully design the WSM components and they may logically combine WSM functionalities into various WSM components.
This article discussed the requirement and scope of Web Services Management—Control Sphere.
Various WSM components of the Control Sphere are introduced and their functionalities are briefly discussed in this article. Subsequent articles in this WSM series will discuss each of the components in detail.
White papers, articles, and news are posted at the following Web sites:
About the Author
Manoj Seth is a senior software engineer at Hewlett-Packard, India. He is a Post Graduate from the Indian Institute of Information Technology, Bangalore.
Manoj has been involved in designing and developing J2EE-based solutions over various platforms in the domains of Financial/Banking and Middleware for more than two years. He has good exposure to Web Services and their emerging standards in development/deployment and management space. He can be contacted at email@example.com.
The author would like to acknowledge the contributions of Pankaj Kothari at Hewlett-Packard, India for his insightful comments and reviews.