Looking at a SOA world

Matias Cuenca-AcunaDecember, 2006

04/18/23 2

Talk Outline

• Introduction to Intel Software and ASDC• SOA and the technologies behind it• The challenges• Beyond SOA

04/18/23 3

What is Intel Software?

• Why does Intel care about software?– Adds value to its hardware

• The different sides of Intel Software– Enabling

• Microsoft, Adobe, BEA, etc.– Software development products

• Compilers– C/C++, Fortran, etc.

• Libraries– IPP, MKL, etc

• Tools– vTune, Thread Checker, GPE

– Open Source• Harmony, PPTP, etc.

04/18/23 4

How does ASDC fits into the picture?

• ASDC is part of Intel Software• ASDC’s core competencies (for now)

– Technology areas• SOA• Clustering• GRID

– Knowledge areas• Security• Management• Performance

• Other activities at ASDC– Involvement with higher education

• Specialization program on distributed services & systems• We awarded 14 scholarships for grads & under-grads• Internship program

– Involvement with the local industry• Telemedicine project

– Involvement with the community

04/18/23 5

SOA and the technologies behind it

04/18/23 6

SOA by example

cheapmortgages.com

04/18/23 7

What is SOA?

• A service-oriented architecture is essentially a collection of services – These services communicate with each other and the communication can

involve either simple data passing or direct application execution;– also it could involve two or more services coordinating some activity.

• What is a Service?– A service is a function that is well-defined, self-contained, and does not

depend on the context or state of others.

• What is a Web Service?– Typically a web service is XML/SOAP based and most often described by

WSDL and Schemas. In most SOA implementations a directory system known as UDDI is used to for Web Service discovery and central publication.

04/18/23 8

It’s a SOA World after all…

• Massive growth in SOA, Web Services and XML• More XML traffic on LAN than email

– Average XML traffic load increasing 50% Y/Y– XML data 5x-20x the size of “normal” data

• Web Services applications on enterprises is growing 300% Y/Y• Web services have reopened 70 percent of the attack paths against

Internet connected systems (Source: Gartner)– 75% of hacks occur at the Application/Service level (Source: Gartner)

• In 2010 46% of IT professional services market will be Web Services related (Source: Gartner)

04/18/23 9

The SOA Stack

• More layers are being constantly added– Security– Reliable messaging– Manageability

NE

T

NE

T

Pe

rsp

ec

tive

Pe

rsp

ec

tive

DA

TA

D

AT

A

Pe

rsp

ec

tive

Pe

rsp

ec

tive

04/18/23 10

Putting the pieces together

• Foundational technologies– XML– SOAP– WSDL– UDDI

• Other technologies involved– XSLT– XML Schema– WS-Security– WS-RM

04/18/23 11

Where does SOA take us?

• Lower cost of development for new apps• Reusable Functionality• Common Interfaces (Reduced Integration Costs)• Real collaboration• Real-time Data• User driven Apps• True e-Marketplaces• Ad hoc business relationships

04/18/23 12

The challenges

04/18/23 13

Same old problems new game rules

• Problems: Speed, Security, Manageability, Availability, etc.• What is new about them?

– Operations span multiple organizations– Heterogeneous software & SLAs– No centralized server or authority– Self describing languages have a high performance cost (i.e. XML)– The processor’s speed race days are over!

04/18/23 14

Security in a SOA world

<XML>

MP3 Player order

</XML>

Product info

Shipping info

Credit card info

mystore.com

<XML>

</XML>

<XML>

</XML>

<XML>

</XML>

<XML>

</XML>

<XML>

</XML>

04/18/23 15

The Security Challenge

• Why is security so important in SOA?– Drastic & Fundamental shift in Authentication & Authorization models

• Firewalls are oblivious to XML traffic• SSL is not enough

– Real Business apps affected• WS-Security jumped from 15% in 2005 to 33% in 2006

– Source: Evan’s 2006– Non repudiation

• On the previous slide, how does Sony proves that Amazon owes them money?– Externalization of application functionality and loss of internal controls– Next generation threats and new risks

• We have already identified some• We need to improve on

– Distributed identity– Languages for defining and agreeing on security policies

• How do I trust that company X’s developers did a good job?– Faster and parallel cryptography/XML processing

04/18/23 16

The Speed Challenge

• XML is inherently inefficient– It consumes a considerable amount of bandwidth, storage and CPU– Large XML documents may need to be loaded into memory before

processing• XML content is 20-50 times larger than text/binary equivalent

• How slow is it?– An XML based address book service can process 25 req/sec (40ms/req)

• The data is coming from memory!!• Using Tomcat 4.0.1 on a AMD Athlon XP 2Ghz with 1GB of RAM• Source: Apache (http://tomcat.apache.org/articles/performance.pdf)

– SSL reduces performance by 3 (Source: BEA)– To put it in perspective

• Google performs 1000 queries per second at 200ms latency• A query can span 128 machines (shards) and 3 to 4 tiers• Throw in SSL and assume that query complexity is up by … 10? 100?• We have a resulting latency of 6 to 60 seconds (i.e at least 30X

slower!!)

04/18/23 17

The Speed Challenge

• In real life XML is a multi-step process which is hard to parallelize– State of the art HW can give you a 6X boost on latency

• We need to improve on– XML parsing, transformation, querying and validation– We need parallel algorithms for all of the above– Faster and parallel cryptography

04/18/23 18

Want more challenges?

• Management Challenge– We have too many management layers

• Configuration Management, Performance Management, Security Management, Application Management, etc.

– The ultimate SOA goal is to provide a service• Knowing that a computer is down at company X is not enough• We need end to end management

– Across platforms, languages, applications, and existing management technologies

• Reliable communication– How do we guarantee that a service ahs received and is processing a

request?– TCP cares about a single hop

• Also it only says that a front end got the message

04/18/23 19

Beyond SOA

04/18/23 20

Life outside of SOAP

• There is REST, AJAX, and others

• In 2003 80% of Amazon's WS traffic was REST and 20% SOAP– Tim O’Reilly claimed on Nov 2005 that REST was 95%

• As of Nov 2006 Yahoo! provides REST only WS

• A 2006 Evan’s study suggests 60% SOAP adoption and 51% REST– 375 employees from companies that use SOA were interviewed

04/18/23 21

Meet Web 2.0©

• Web 2.0 is Growing Faster Than Online Video & News – Source: Nielsen Netratings

• Social networking sites have the highest Y/Y traffic growth– Feedburner (385%), Digg.com (286%), MySpace (170%), Wikipedia

(161%), and Facebook (134%)

• Software as a service (SaaS)• Mash ups

– 40% of the companies that use SOA plan to integrate with Google• 18% with eBay

04/18/23 22

To wrap up

• Large scale heterogeneous systems are becoming a reality

• Ubiquitous software will replace traditional PC applications

• At ASDC we are starting some related projects on– Cluster computing– SOA & Grid– SOA Security– Manageability– Virtualization