Gaining Control of Your SOA Willie Kirkpatrick VP EMEA AmberPoint

Long Time Microsoft SOA Partner Joint development, licensing, and distribution Wide support of Microsoft’s SOA stack Visual Studio.NET variations BizTalk Visual Studio System Center Ops Mgr Native C# implementation of AmberPoint Version of AmberPoint bundled with Visual Studio

Unive Business Problem The Netherlands changed to an “open enrollment” model Competitive market required direct customer access to information and enrollment Targeted Health Insurance System first Technical Approach Exposing internal processes & applications for internet use by customers Microsoft “Stack” Visual Studio.NET SharePoint Systems Center Ops Manager Transformed Mainframe Applications Redundant sites for High Availability Insurance Company – Netherlands HTML Services Business Services Legacy Services HTML Services Business Services Legacy Services 177 Endpoints Site 1Site 2 74 Services

Unive Technical Problem Complex, distributed transactions (“SOA”) made it hard to manage running applications Difficult to: Diagnose issues Ensure high availability Meet QOS requirements Solution: AmberPoint Business Results With on-line, immediate cross checks and data validation, over 60% of new applications processed directly into mainframe apps Results “If we hadn’t started using AmberPoint, we would have stopped using SOA.” – Bob Alberts, Project Director Insurance Company – Netherlands

Vital Forsikring Business Problem Increasingly competitive market driving need to reduce costs and increase agility. Technical Approach Migration from Mainframe to SOA overtime Microsoft “Stack”.NET 2.0 BizTalk Server 2006 Systems Center Ops Manager Windows bit Benefits Lower mean time to repair Ability to provide reliable, secure self- service application, including a pensions portal for smaller organizations Largest Life & Pensions company in Norway Business Services 60+ Endpoints 30+ Services BizTalk Files Portal BizTalk

Keys to Successful Runtime Governance of SOA Applications Visibility – Knowing What’s Out There and What’s Going On… Control – Putting Policies into Action… Ensuring Integrity – Ensuring Changes Don’t Impact the Whole Application Environment… Handle the entire infrastructure Do it all automatically Reduces risks and costs Automation is the single most important thing that makes SOA scaleable

SOA Governance Design Time Gov. Dev & QA Tools Lifecycle Management Approval Processes Service Registry Policy Requirements Design Time Gov. Dev & QA Tools Lifecycle Management Approval Processes Service Registry Policy Requirements Runtime Gov. Service Level Mgmt Transaction Monitoring Auditing / Logging Security Policy Enforcement Runtime Gov. Service Level Mgmt Transaction Monitoring Auditing / Logging Security Policy Enforcement SOA Infrastructure App Servers Enterprise Service Bus Appliances Legacy Systems Process Management Databases SOA Infrastructure App Servers Enterprise Service Bus Appliances Legacy Systems Process Management Databases

Closed Loop SOA Governance Design Time Gov. Dev & QA Tools Lifecycle Management Approval Processes Service Registry Policy Requirements Design Time Gov. Dev & QA Tools Lifecycle Management Approval Processes Service Registry Policy Requirements Runtime Gov. Service Level Mgmt Transaction Monitoring Auditing / Logging Security Policy Enforcement Runtime Gov. Service Level Mgmt Transaction Monitoring Auditing / Logging Security Policy Enforcement SOA Infrastructure App Servers Enterprise Service Bus Appliances Legacy Systems Process Management Databases SOA Infrastructure App Servers Enterprise Service Bus Appliances Legacy Systems Process Management Databases Running Reality ? ? Intended Design

Closed Loop SOA Governance Design Time Gov. Visual Studio Team System Repository Design Time Gov. Visual Studio Team System Repository Runtime Gov. SOA Infrastructure.NET / Windows Communication Foundation BizTalk SharePoint SQL Server Etc. SOA Infrastructure.NET / Windows Communication Foundation BizTalk SharePoint SQL Server Etc. Running Reality ? ? Intended Design

Closed Loop SOA Governance Design Time Gov. Runtime Gov. SOA Infrastructure Running Reality ? ? Intended Design

Messaging Automatic End-to-End Discovery Dynamic Discovery of your SOA environment… Dependencies Services & Consumers Transaction Flow Runtime Policies & Metadata …across Heterogeneous Infrastructure Containers ESBs Appliances Registries / Repositories No application, message or header modifications Automatically feeds Design Time Governance Ensures Complete Accounting of Your SOA Environment Design Information Running Environment Repositories Service Registries Home-grown Databases

AmberPoint SOA Explorer Real-time view of overall environment and status Quick filters to rapidly isolate areas of interest Transaction flow Recent additions Problem areas Specific application groups “Rogue” services Take action Place under management Apply missing policies Drill down into detail Sortable, printable, exportable information Filters Drill Down Graphical View Table View

End-to-End Transaction Monitoring & Diagnosis From Clients, through Infrastructure, Applications, and Endpoints Business Transactions Process Flow - Exception context - Response times Drill into Transaction Content & Context eCommerce System Order Warehouse Credit Check Shipping Partner Order Management Follows transactions through SOA and non-SOA components: ESB‘s Java and.NET Applications Databases Detects problems with business flows: Performance issues Missing or stalled steps Failures Performance and

Real-time Monitoring of Business Transactions Probe applications for inconsistencies Expected Delivery Disconnect Alert Check transaction progress and correctness Does not need to be synchronous or see every step

Service Level Management SLA enforcement for transactions, groups, users, and services Transaction-level SLA’s Service Level Violations User-level SLA’s Historical Reporting Enforces agreements based on business criteria “Gold” users, Accounting systems at the end of quarter, etc. Flexible calendars, scheduled downtimes, fixed and sliding time windows Preventative and corrective actions Multiple Objectives per Agreement

Take Preventative / Mitigating Action A Throttling Example Service Level Objective (SLO) For Platinum customers: Ave. Response time per hour < 6 sec Warning threshold <= 4 sec - Action : Throttle non-Platinum users Service Level Objective (SLO) For Platinum customers: Ave. Response time per hour < 6 sec Warning threshold <= 4 sec - Action : Throttle non-Platinum users 1 Usage segmented – e.g. by Platinum, Gold, Silver 2 3 Service Level Agreement Platinum Gold Bronze Performance against objectives

5 Stabilized response times Take Preventative / Mitigating Action A Throttling Example Service Level Objective (SLO) For Platinum customers: Ave. Response time per hour < 6 sec Warning threshold <= 4 sec - Action : Throttle non-Platinum users Service Level Objective (SLO) For Platinum customers: Ave. Response time per hour < 6 sec Warning threshold <= 4 sec - Action : Throttle non-Platinum users 1 Usage segmented – e.g. by Platinum, Gold, Silver 2 3 Service Level Agreement Platinum Gold Bronze Performance against objectives Automatically triggers throttling before compliance failure 4 Throttling Policy

Closed Loop SOA Governance Design Time Gov. Runtime Gov. Running Reality ? ? Intended Design Approved Services Intended reuse QOS requirements Policy requirements Discovered Services & Dependencies Transaction Monitoring Performance metrics Policy enforcement Security Throttling Version transparency Users Authorized Unauthorized attempts Policy additions Discovered policies Operational additions

Policy-based Approach to Runtime Governance Enforced across the infrastructure Pre-built library of most commonly used runtime policies User-extensible  Instrumentation  Version management  Service level agreements  Exception handling  Content-based Policies  Authentication – certificates, credentials, SAML, etc  Authorization  Censorship  Credential Mapping  Crypto – Signatures & Encryption  Throttling  Quality of Service  Performance  Availability  Throughput  Failover  Load balancing  Validation

Automated Policy Provisioning  Select policy  Configure  Set policy criteria  Policy enforcement across the infrastructure Service Metadata

Microsoft BizTalk MEP VSP Orchestration Protocol Mediation Message Routing Content Transformation Resource Management Discovery / Registration End-to-end Visibility Measurement Message Distribution/Utilization Availability Access Control Combing AmberPoint + BizTalk creates a SOA Grid with a clean separation of responsibilities Controls Service-to-Service Interactions Controls Service- to-Endpoint Interactions MEP VSP MEP VSP Managed Endpoints Virtual Service Provider MEP VSP MEP VSP

MEP VSP Secure Service Provider Balanced Service ProviderResilient Service Provider Evolving Service Provider Qualities: Security Integrity Confidentiality Benefits: Tamper Resistant Private Controlled Access Qualities: Reliability Availability Benefits: Highly Available Fault Tolerant Qualities: Version Transparency Flexibility Benefits: Agile Controlled Access Deprecation Qualities: Scalability Performance Capacity Benefits: Balanced Distributed Manageable Runtime Governance of Virtual Service Providers MEP VSP LB MEP VSP LBFO MEP VSP VT v1v1 v2v2 vnvn

AmberPoint SOA Runtime Governance Mark Munro Senior Sales Engineering Northern Europe - AmberPoint

In an ESB Scenario Service-Oriented Infrastructure Service Registry Service Management Security Legend: CIM Consumer Integration Module SIM Service Integration Module Enterprise Service Bus ESB Core Engine Transformation Routing Exception Management Orchestration Adaptation B2B GatewayProvisioning Framework Adaptation Supported Service Consumer Native Supported Service Provider Native Standard Service Consumer SOAP CIM Standard Service Provider SOAP SIM

MedicAlert Health Care Services Personal health records for 4,000,000 world-wide members. Key Requirements: Ensure high QoS requirements for access to MedicAlert services – critical health implications Ensure ‘last-mile’ security for sensitive & private patient information Chosen Solution: AmberPoint Visibility into service usage and performance bottlenecks Monitor impact of security & management policies on their SOA Version transparency – different eHealthKey versions Microsoft.NET and BizTalk Orchestration & Mediation eHealthKey Results: “Can usually have a running prototype assembled faster than the marketing guys can write up their requirements.” – Jorge Mercado, CTO

Closed Loop SOA Governance Design Time Gov. Runtime Gov. Running Reality ? ? Intended Design Approved Services Intended reuse QOS requirements Policy requirements Discovered Services & Dependencies Transaction Monitoring Performance metrics Policy enforcement Security Throttling Version transparency Users Authorized Unauthorized attempts Policy additions Discovered policies Operational additions