FMEA-technique of Web Services Analysis and Dependability Ensuring
Anatoliy Gorbenko, Vyacheslav Kharchenko, Olga Tarasyuk
National Aerospace University "KhAI", Ukraine
Department of Computer Systems and Networks
CONTENT
1. Introduction: Web Services technologies; purpose and tasks of the paper.
2. Analysis of the Web Services by using the FMEA-technique: Web Services component architectures; Web Services failure taxonomy; FMEA-tables and results of Web Services analysis.
3. Ensuring Web Services dependability and fault-tolerance: failure effect recovery; failure prevention; fault-tolerance and Web Service diversity; fault removal.
4. Dependable Web Services development and deployment: using the FMEA-technique for dependable Web Services development; the principles of dependable and secure Web Services deployment; implementation.
5. Conclusion.
1. Introduction (1)
Web Services Technologies
[Figure: the Web Service is registered in the global UDDI registry; the user discovers the Web Service there, invokes it by SOAP messaging over HTTP (Internet/Intranet) and receives the Web Service's response. The WSDL Web Service description contains, for example:
<service name="Ws1"> <soap:address location="http://aria.xai12.ai:8080/ws1/ws1" ... </service>
<operation name="sayHi"> <input> ... </input> <output> ... </output> </operation>]
1. Introduction (2)
Web Services are now extensively used in developing various business-critical applications:
distributed banking systems and Internet auctions;
hotel/car/flight/train reservation and booking;
e-commerce, e-business, e-science, etc.
Web Services dependability attributes: availability and reliability; performance/responsiveness; security, etc.
Analysis and ensuring of dependability in this architecture is an emerging area of research and development.
1. Introduction (3)
The purpose of this report is the application of the FMEA (Failure Modes and Effects Analysis) technique to Web Services analysis and dependability ensuring.
The tasks of the report are:
analysis of Web Services failure modes and causes;
analysis of the effect of Web Services failures on the system, its components and end users;
determination of the means for ensuring dependability: failure prevention; fault-tolerance and failure effect recovery; fault removal.
2. Analysis of the Web Services by Using the FMEA-technique
The use of the FMEA-technique for Web Services analysis includes:
decomposition of the Web Service into its component parts;
identification of the typical failures;
analysis of their influence on Web Services dependability;
determination of the necessary means for fault-tolerance and failure effect recovery.
The FMEA-technique may be an important part of a Web Services dependability guaranteeing program.
Web Services component architectures (1)
[Figure 1: all components in the same host. A single hardware environment carries the software environment: the Operating System; the Web Server, Application Server and DBMS; the Servlets and the Data Base with its Stored procedures.]
Web Services Components:
1. Hardware Environment;
2. Software Environment:
2.1. Operating System;
2.2. System SW: 2.2.1. Web Server; 2.2.2. Application Server; 2.2.3. DBMS;
2.3. Application SW: 2.3.1. Servlets; 2.3.2. Stored procedures & triggers.
Web Services component architectures (2)
[Figure 2: fully separated component architecture. Three hosts: a Web Server host (Operating System, Web Server), an App Server host (Operating System, Application Server, Servlets) and a Database Server host (Operating System, DBMS, Data Base, Stored procedures).]
Web Services Components:
1. Hardware Environment;
2. Software Environment:
2.1. Operating System;
2.2. System SW: 2.2.1. Web Server; 2.2.2. App Server; 2.2.3. DBMS;
2.3. Application SW: 2.3.1. Servlets; 2.3.2. Stored proc. & triggers.
Web Services component architectures (3)
[Figure 3: partially separated component architecture. Two hosts: a Web&App Server host (Operating System, Web Server, Application Server, Servlets) and a Database Server host (Operating System, DBMS, Data Base, Stored procedures).]
Web Services Components:
1. Hardware Environment;
2. Software Environment:
2.1. Operating System;
2.2. System SW: 2.2.1. Web Server; 2.2.2. App Server; 2.2.3. DBMS;
2.3. Application SW: 2.3.1. Servlets; 2.3.2. Stored proc. & triggers.
Web Services Failure Taxonomy
[Figure: failure specification attributes and the corresponding failure modes.
Failure domain: environment-dependent failures of the hardware (HW) environment and of the software (SW) environment (Operating System (OS); system services: Web-server, App Server, DBMS); application-specific failures of the application software (servlets) and of the DB stored procedures and triggers.
Stability of occurrence: transient (accidental) or permanent.
Failure evidence: evident or non-evident.
Influence on operability: no influence, interruption or termination.
Failure dependence.]
Hardware failure modes and effects analysis
[FMEA table not captured in the extraction.]
Compressed Format of FMEA-Tables
[Table not captured in the extraction; only the label "Equivalent Common Bus" survives.]
Software failure modes and effects analysis
[FMEA table not captured in the extraction.]
Results of Web Services failure modes and effects analysis
Several failure modes can lead to prolonged or short-term service aborting, which affects users as a denial of service.
Some failures result in a non-evident incorrect service, which is more dramatic for many applications (e-commerce, critical automation control, etc.) because it entails serious consequences, financial loss and, finally, service discrediting.
The prevalent sources of Web Services failures are the various software components.
3. Ensuring Web Services Dependability and Fault-Tolerance
[Figure: dependability ensuring means (failure effect recovery; failure prevention; fault-tolerance; fault removal) set against the criteria of failure specification (failure causes; failure evidence; stability of occurrence; failure domain; failure effect; dependence).]
Failure effect recovery
1) replacement of crashed hardware components;
2) reinstallation of crashed software components;
3) data recovery;
4) system rebooting or restarting of the particular software services*.
* System rebooting and restarting of particular software services and applications can be performed in automatic mode with the help of hardware- or software-implemented watchdog timers to achieve better availability.
Failure prevention
1) quality control techniques employed during the design of the in-house developed application software;
2) procedures for input parameter checking;
3) rigorous procedures for system maintenance and administration;
4) firewalls, security guards and scanners to prevent malicious failures;
5) software rejuvenation based on forced restarting/reinitialization of the SW components.
NOTE: The service publisher has limited means for failure effect prevention because most of the HW and SW components of the Web Service are COTS (commercial off-the-shelf) components developed by third parties.
Fault-tolerance (1)
[Table: fault-tolerant means by failure mode. Columns: failure domain; stability of occurrence; failure evidence; fault-tolerant means.]
Hardware environment (permanent or accidental; evident or non-evident): partial HW redundancy; complete HW redundancy; HW diversity; complete HW redundancy or diversity (the cell assignment is not recoverable from the extraction).
Software environment, transient: evident: operation retry; non-evident: SW replication or diversity.
Software environment, permanent: evident: replication of the system SW; non-evident: diversity of the system SW.
Application software, permanent: evident: application-specific exception handling; non-evident: diversity of the application SW.
Fault-tolerance (2)
Diversity is one of the most efficient methods for Web Services fault-tolerance provision.
Diversity of Web Services can be used for: the hardware platform; operating systems; web and application servers; DBMS and, finally, the application software.
It can be applied both separately and in many various combinations.
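As an added example (not code from the slides or their authors), the following Python models a composite Web Service that invokes diverse replicas of one operation, retries evident failures and votes on the answers, so that a non-evident failure (a plausible but wrong response) is outvoted and diagnosed by failure class, as conclusion 4 of the deck calls for; the replica functions are constructed stand-ins for real SOAP invocations.

```python
from collections import Counter


class CompositeFailure(Exception):
    """Raised when the diverse replicas cannot deliver a trustworthy result."""


def make_transient_replica(value, failures_before_success):
    """Constructed replica that raises for its first N invocations, then answers."""
    calls = [0]

    def replica(request):
        calls[0] += 1
        if calls[0] <= failures_before_success:
            raise ConnectionError("constructed transient fault")
        return value
    return replica


def invoke_diverse(replicas, request, retries=1):
    """Invoke diverse replicas of one operation, retry evident failures, vote.

    Evident failures (an exception instead of a response) are retried; a replica
    that recovers is classed evident/transient, one that never answers
    evident/permanent. Non-evident failures (a plausible but wrong response)
    are only detectable by comparing replicas, so the answers are voted on and a
    replica whose answer loses the vote is classed non-evident.
    Returns (agreed_value, diagnosis) with diagnosis keyed by replica name.
    """
    answers, diagnosis = {}, {}
    for name, fn in replicas.items():
        for attempt in range(retries + 1):
            try:
                answers[name] = fn(request)
                diagnosis[name] = "ok" if attempt == 0 else "evident/transient"
                break
            except Exception:
                diagnosis[name] = "evident/permanent"
    if not answers:
        raise CompositeFailure("every replica failed evidently")
    (value, count), = Counter(answers.values()).most_common(1)
    # A non-evident failure can only be masked when at least two replicas agree
    # and they form a majority of the replicas that answered at all.
    if count < 2 or count * 2 <= len(answers):
        raise CompositeFailure("no trustworthy majority among %r" % answers)
    for name, answer in answers.items():
        if answer != value:
            diagnosis[name] = "non-evident"
    return value, diagnosis
```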
Fault Removal
Fault removal of Web Services is based, first of all, on the systematic application of updates and patches for hardware (microcode updates) and for software developed by third parties (OS, drivers, web and application servers, DBMS).
Fault removal from the in-house developed application software is performed both during the development phase and during maintenance.
4. Dependable Web Services Development and Deployment
Using the FMEA-technique for Dependable Web Services Development
[Figure: general scheme of Web Services FMEA-analysis and dependability ensuring. From the Web Service and its system requirements, common and detailed FMEA tables are built; they determine the existing and additional means for fault-tolerance and dependability ensuring, which feed back into updating the Web Service.]
[Figure: detailed scheme of Web Services FMEA-analysis and dependability ensuring. Inputs: the Web Service application software (servlets, DB triggers and stored procedures), the HW/SW environment architecture, the HW/SW environment specification and the business logic. Steps: common FMEA-tables and detailed FMEA-tables; failures criticality (cost) and probability analysis; analysis of cost, effectiveness and compatibility of different means; risk analysis, optimization and choice; the resulting set of means for fault-tolerance provision; updating of the HW/SW architecture, environment specification and business logic.]
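As an added illustration (not code from the paper or its authors), the following Python sketches the "failures criticality (cost) and probability analysis" and the "risk analysis, optimization and choice" steps of the detailed scheme; the FMEA rows, the occurrence estimates and the cost of each means are constructed values, and the mapping from failure mode to means follows the software rows of the Fault-tolerance (1) table.

```python
from dataclasses import dataclass

# Means per (failure domain, stability, evidence) from the deck's "Fault-tolerance (1)"
# table; only the software-environment and application-software rows are encoded.
MEANS_BY_MODE = {
    ("sw_env", "transient", "evident"): "operation retry",
    ("sw_env", "transient", "non-evident"): "SW replication or diversity",
    ("sw_env", "permanent", "evident"): "replication of the system SW",
    ("sw_env", "permanent", "non-evident"): "diversity of the system SW",
    ("app_sw", "permanent", "evident"): "application-specific exception handling",
    ("app_sw", "permanent", "non-evident"): "diversity of the application SW",
}

@dataclass
class FmeaRow:
    component: str
    domain: str        # "sw_env" or "app_sw"
    stability: str     # "transient" or "permanent"
    evidence: str      # "evident" or "non-evident"
    effect: str        # effect on the end user
    per_million: int   # constructed estimate: occurrences per 10^6 requests
    cost: int          # constructed criticality: loss per occurrence
    def risk(self):    # expected loss per 10^6 requests: the FMEA ranking key
        return self.per_million * self.cost
    def means(self):
        return MEANS_BY_MODE[(self.domain, self.stability, self.evidence)]

# Constructed FMEA rows for the deck's component model (servlets, app server, DBMS).
SAMPLE_ROWS = [
    FmeaRow("servlet business logic", "app_sw", "permanent", "non-evident", "wrong result, no error", 10, 5000),
    FmeaRow("servlet request handler", "app_sw", "permanent", "evident", "SOAP fault to user", 100, 100),
    FmeaRow("application server", "sw_env", "transient", "evident", "request dropped, timeout", 200, 50),
    FmeaRow("DBMS", "sw_env", "permanent", "non-evident", "stale data returned", 5, 8000),
]
# Constructed cost of each means, in the budget's units (e.g. person-weeks).
SAMPLE_MEANS_COST = {"operation retry": 2, "application-specific exception handling": 5,
                     "diversity of the application SW": 30, "diversity of the system SW": 40}

def choose_means(rows, means_cost, budget):
    """Greedy 'risk analysis, optimization and choice': each means covers every row
    mapping to it; take means by risk removed per unit of cost while the budget
    lasts. Returns (chosen, spent, residual_risk)."""
    covered = {}
    for row in rows:
        covered[row.means()] = covered.get(row.means(), 0) + row.risk()
    chosen, spent = [], 0
    for means in sorted(covered, key=lambda m: covered[m] / means_cost[m], reverse=True):
        if spent + means_cost[means] <= budget:
            chosen.append(means)
            spent += means_cost[means]
    return chosen, spent, sum(r for m, r in covered.items() if m not in chosen)
```

Ranking the rows by `risk()` gives the criticality-times-probability order of the FMEA table; `choose_means` then spends the budget on the means that remove the most risk per unit of cost.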
The principles of Dependable and Secure Web Services Deployment
1. Defence in Depth and Diversity (DD&D).
2. Adaptability and Update (A&U).
Defence in Depth and Diversity (DD&D) Principle
The DD&D principle provides:
1) joint usage of existing security and fault-tolerance facilities at the different levels of the Web Service architecture (Defence in Depth);
2) use of Diversity at the different levels of the Web Service architecture (HW platform, OS, system and application SW, etc.).
Here, the compatibility between the different facilities and diversity modes must be taken into account.
Adaptability and Update (A&U) Principle
The essence of this principle is the dynamic changing of the Web Service architecture and diversity mode according to observed failures and intrusions (Adaptability).
For that, intelligent monitors can be used to detect failures and intrusions, to analyse their modes, effects and causes, and to choose the better Web Service configuration.
These means can include external alarm services to notify automatically about recent Internet security vulnerabilities and novel viruses and to distribute security updates and patches (Update).
Implementation (1)
Architecture of dependable Web Services upgrading
[Figure: the user (service requester) invokes a composite Web Service through upgrading middleware in a WS upgrading environment; the middleware routes between Web-Service 1.0 (old), Web-Service 1.1 (new) and third-party Web Services, whose WSDL descriptions are found in the UDDI registry; a monitoring tool and a management tool with a data base supervise the upgrade.]
Source: A. Gorbenko, V. Kharchenko, P. Popov, A. Romanovsky, A. Boyarchuk. Development of Dependable Web Services out of Undependable Web Components. CS-TR: 863, School of Computing Science, University of Newcastle upon Tyne, UK, Oct 2004, 36 pages.
Implementation (2)
Architecture of dependable and secure WSs deployment
[Figure: the user (service requester) invokes a composite Web Service through dependable middleware that contains a service resolver and diversity configuration management; the middleware selects among diverse Web Services (Web-Service 1 ... Web-Service N, each with a configuration agent that sets the variant of OS, web and app servers and DBMS) whose WSDL descriptions are found in the UDDI registry. Also shown: a monitoring tool, a management tool with a data base, the FMEA-tables with the set of means for fault-tolerance provision, and external alarm services.]
5. Conclusion (1)
1. Publishers of Web Services have limited possibilities for fault prevention and fault removal in most Web Services components, which are developed by third parties.
=> Thus, redundancy in combination with diversity is one of the basic means of dependability ensuring and fault tolerance provision.
2. However, using diversity in a Web Service architecture requires detailed research and additional solutions because it can lead to additional security violations.
5. Conclusion (2)
3. Non-evident failures are the most critical for the majority of Web Services application areas.
4. Additional adaptive reliable algorithms and means of voting and failure diagnosis must be implemented to ensure tolerance to non-evident failures and to prevent losses of the processed (in-service) requests.
5. Conclusion (3)
5. FMEA-tables may be dynamically updated during Web Service operation. Jointly with the implementation of the DD&D and A&U principles, this will allow the effectiveness of the used means of dependability ensuring to be increased.
6. The analysis performed can be extended by taking into account the lack of required resources or services and service unavailability due to network failures. Besides, the critical analysis of the different failure modes can be performed.