SOA-14: Deploying your SOA Application David Cleary Principal Software Engineer

SOA-14: Deploying your SOA Application

David ClearyPrincipal Software Engineer

© 2006 Progress Software Corporation2SOA-14: Deploying your SOA Application

Agenda

Development vs. deployment environment Moving your application artifacts Securing and scaling your application

Moving from Development to Deployment


D I S C L A I M E R

Under Development

This talk includes information about potential future products and/or product enhancements.

What I am going to say reflects our current thinking, but the information contained herein is preliminary and subject to change. Any future products we ultimately deliver may be materially different from what is described here.

D I S C L A I M E R


Planning and Installing your SOA

Infrastructure


Sonic Components

Domain Manager• Manages component configuration• Monitors runtime of distributed components• One per Domain

Messaging Nodes• Message Broker• Provides messaging to each node in

distributed architecture• Supports clustering for reliability and

scalability


Sonic Components

Containers• MQ Container provides runtime support for Sonic

components• ESB Container hosts ESB services• Multiple ESB containers can run in MQ Container

Administration Tools• Allows configuration, management, and monitoring of

all Sonic components• Includes Sonic Deployment Tool

– Creates archives for moving from development to test to deployment

– Allows you to easily scale applications


OpenEdge Components

OpenEdge® Application Server OpenEdge Adapter for Sonic ESB®

• Custom ESB service running in ESB Container

No NameServer required Includes MQ and ESB containers


Development Setup

Sonic Management Console

Domain Manager Container

Management and Messaging Broker

Sonic Directory Service

JMSAcceptor(2506)

HTTPAcceptor

(81)

Compaq64Container

OpenEdgeSonic ESB

Adapter

OpenEdge Application

Server

Data

Stylus Studio


Deployment Setup

SonicMQ Management BrokerDomain DMZ

SonicMQ Messaging BrokerHTTP Acceptor on Port 80

SonicMQ Management BrokerSonicMQ Messaging BrokerHTTP and JMS Acceptors

OpenEdge Application Servers

SonicMQ Container

OpenEdge Database


Installing the Domain Manager

Components installed individually• SonicMQ® first

• Sonic ESB and other components after

Security disabled by default• Different than a Workbench installation

• Enable security to turn on authentication

Create separate messaging broker• Automatically done in Sonic 7.0

• Change default connections in ESB


Installing OpenEdge Components

Keep OpenEdge Application Server and OpenEdge Adapter for Sonic ESB together• Uses JMS reliability on the network

Install on Domain Manager to configure management tools• Manual configuration possible

• Different steps for different versions of Sonic

Disable NameServer for ESB only Application Servers


Create Sonic Acceptors

Acceptors are the front door to your application

Single JMS acceptor can support multiple applications

HTTP acceptors limited to single endpoint based on URL

Create consistent URL policy for applications• http://host/type/application• http://mqserver1/rest/quote• http://mqserver1/soap/quote


Security Considerations


Security Basics

Authentication• Who are you?

Authorization• Are you allowed here?

Quality of Protection• Is this private and non-corrupted?

Secure Communications Layer• SSL


Enabling Authentication

ENABLE SECURITY AT INSTALL TIME! Modify default Administrative password

• Do it BEFORE installing distributed components

• Requires new boot files for all containers– Management, Messaging, and OpenEdge containers

External stores supported• LDAP Directory

• Pluggable Authentication and Security Service (PASS)


Authentication Security

JMS connections use challenge-response mechanism• No passwords sent on the wire

HTTP only supports BASIC Authentication• User and Password sent in clear over the wire

• Use HTTPS to secure this


Authorization

Access Control Lists (ACLs) on resources Resources include Queues, Topics, and DRA

Nodes ACLs grant or deny access on specific

resource• Send/Publish

• Receive/Subscribe

• Routing for DRA nodes


Quality of Protection

Integrity• Message signed to ensure no tampering

Privacy• Message body and properties encrypted

• Message headers are not

QOP not supported for HTTP Direct


Secure Communications Layer

SSL and HTTPS support Encrypts everything on wire

• Messages unencrypted at every node

• Encrypted again before going back on wire

SSL client authentication supported QOP more efficient than SSL


Packaging your Application with the

Sonic Deployment Tool


Deployment Process Overview


Creating a Deployment Archive

Select elements and files from development directory service

Tool follows references from selected elements• OpenEdge service includes WSM and WSDL

files

Select archive root wisely• All resources attached to root

• ESB Container as root of application


Artifacts not in Archive

Management property and jar files• Support for WSM resource editor

• Unable to configure OpenEdge services without property file


Tailoring Deployment Archives

Map files can be created and edited for tailoring• Endpoint type and destination

• Connection URL and credentials

• File Paths

• QOS settings


Steps for Tailoring an Archive

Create Map file of an archive Edit file for target domain Apply map, creating new archive Import mapped archive into target domain


Scaling Up your Application


Service Listeners

Queues serialize incoming messages By default, service is single threaded

• Only one message processed at a time

• Only one server process used

Listeners correspond to threads• Messages processed in multithreaded manner

• Multiple server processes utilized

Beware of running out of server processes• Tune waitIfBusy and requestWaitTimeout properties


Adding Additional Application Servers

Install OpenEdge Application Server and OpenEdge Adapter for Sonic ESB on new host

Point at Domain Manager during installation Add application ESB container to

management container installed by OpenEdge

Messages now processed by multiple application servers


Creating Clusters

Fixes messaging bottlenecks Containers load-balanced between multiple

messaging brokers Load-balancing weight settable Queues must be defined per cluster


Adding Fault Tolerance and Redundancy


Replicating Directory Service

One primary and one backup directory service per domain

Directories can share a single store, or use a copy• No automatic replication between stores

• No synchronization at startup

Backup will automatically become active during failure


Replicating Brokers

Creates a primary and backup broker Backup broker replicates all acceptors on

primary Primary accepts clients and flows replications

data to backup Both brokers are functionally equivalent


Fault Tolerant and Scalable Architecture

Cluster

SonicMQ Messaging Cluster

OpenEdge Application Servers

Server Server

Server Server

SonicMQ Management Broker

Primary Directory Service

Backup Directory Service

Common Directory Store


Monitoring your Application


Sonic Management Console

Metrics allow you to monitor real-time performance

Notifications allow you to capture interesting events


Advanced Management and Monitoring from Actional

Looking Glass™• Enterprise scale management

• Business process visibility

SOAPStation™• Web Services intermediary

• Monitors and controls security and ploicies


In Summary

Differences between Development and Deployment

Building up your SOA applications and infrastructure

Managing your deployment infrastructure


For More Information, go to…

PSDN• Webex and Whitepaper coming in August

Relevant Exchange Sessions:• SOA–4: Introducing Sonic SOA Suite v7.0

• SOA–9: Implementing SOA in Financial Services: Banco Comafi a Real Leading Case


Education / Documentation References

Sonic Software Web Based Training http://www.sonicsoftware.com/services/education_training/index.ssp• SonicMQ System Administration• Service-oriented Integration with Sonic ESB

OpenEdge Classroom Training• XML Essentials• What’s New in OpenEdge 10.1: Sonic

Integration• OpenEdge Development with Sonic ESB


Questions?


Thank you foryour time


Documents

SOA-14: Deploying your SOA Application David Cleary Principal Software Engineer