SOA Reference Architecture Technical Standard : Quality of Service Layer

 

Overview

Inherent in SOA are characteristics that exacerbate existing Quality of Service (QoS) concerns in computer systems: increased virtualization/loose-coupling, widespread use of XML, the composition of federated services, multiple channels as consumers of services, heterogeneous computing infrastructures, decentralized Service-Level Agreements (SLAs), the need to aggregate IT QoS metrics to produce business metrics, etc. are part of the nature of SOA. These characteristics create complications for QoS that clearly require attention within any SOA solution. The key responsibilities of the Quality of Service Layer include:

  • Monitoring and management both at the business level in terms of Key Performance Indicators (KPIs), events, and business activities in the business processes, and at the IT systems level for the security, health, and wellbeing of IT systems, services, applications, networks, storage, and compute servers
  • Monitoring and enforcement of a multitude of policies and corresponding business rules including business-level policies, security policies, access privileges, data access policies, etc.

Context and Typical Flow

This layer provides solution QoS management of various aspects, such as availability, reliability, security, and safety as well as mechanisms to support, track, monitor, and manage solution QoS control.

The Quality of Service Layer provides the service and SOA solution lifecycle processes with the capabilities required to ensure that the defined policies, Non-Functional Requirements (NFRs), and governance regimens are adhered to.

This layer supports monitoring and capturing service and solution metrics in an operational sense and signaling non-compliance with NFRs relating to the salient service qualities and policies associated with each SOA layer. Service metrics are captured and connected with individual services to allow service consumers to evaluate service performance, creating increased service trust levels.

This layer serves as an observer of the other layers and can create events signaling when a non-compliance condition with salient policies is detected or (preferably) when a non-compliance condition is anticipated.

In the SOA RA policies, business rules, and the NFRs and policies for the SOA solution are defined and captured in the Governance Layer but are monitored and enforced in the Quality of Service Layer. Important areas of policy enforcement are security, messaging transportation, and infrastructure availability, and service availability. This layer also supports security management and systems management for SOA solutions. Responses (dispensations and appeals) to non-compliance and exceptions are defined by the Governance Layer as well.

Capabilities

There are multiple sets of categories of capabilities that the Quality of Service Layer needs to support in the SOA RA. These categories are:

  • Command and Control Management: This category of capabilities provides the command center for security management as well as the operational security capabilities for non-IT assets and services to ensure protection, response, continuity, and recovery. It also supports security of physical assets such as locations, facilities, services, inventory, physical access control, human identity, etc.
  • Security Management: This category of capabilities manages and monitors security and secure solutions. This provides the ability to manage roles and identities, access rights and entitlements, protect unstructured and structured data from unauthorized access and data loss, address how software, systems, and services are developed and maintained throughout the software lifecycle, maintain the security status through proactive changes reacting to identified vulnerabilities and new threats, enable the IT organization to manage IT-related risks and compliance, and provide the automation basis for security management.
  • IT Systems Monitoring and Management: This category of capabilities provides monitoring and management of IT infrastructure and systems. This includes the ability to monitor and capture metrics and status of IT systems and infrastructure.
  • Application and SOA Monitoring and Management: This category of capabilities provides monitoring and management of software services and applications. This includes the ability to capture metrics and to monitor and manage application and solution status.
  • Business Activity Monitoring and Management: This category of capabilities provides monitoring and management of business activities and business processes. It provides the ability to analyze this event information, both in real-time/near real-time, as well as stored (warehoused) events, and to review and assess business activities in the form of event information and determine responses or issues alerts/notifications.
  • Event Management: This category of capabilities provides the ability to manage events and enables the complex event processing in the SOA RA.
  • Policy Monitoring and Enforcement: This category of capabilities provides a mechanism to monitor and enforce a multitude of policies and corresponding business rules including business-level policies, security policies, access privileges, and data access policies. This provides the ability to find and access policies, evaluate and enforce policies at checkpoints or on metrics captured, signal and record compliance status or metrics, send notification and log of non-compliance and change rules, policies, configuration, and status.
  • Configuration and Change Management: This category of capabilities provides the ability to change solution configuration and descriptions.
  • Data Repository: This category of capabilities provides the ability to store and access policies and rules.

This layer features the following capabilities:

Command and Control Management

  1. Ability to ensure protection, response, continuity, and recovery
  2. Ability to approve authority for security
  3. Ability to ensure that physical and operational security is maintained for locations, assets, humans, environment, and utilities
  4. Ability to provide surveillance and monitoring of locations, perimeters, and areas
  5. Ability to enforce entry control
  6. Ability to provide for positioning, tracking, and identification of humans and assets; continuity, and recovery operations
  7. Ability to secure physical assets, such as locations, facilities, services, inventory, physical access control, human identity, etc.
  8. Ability to ensure the safety of a solution from types of failure, damage, error, accidents, and harm as defined by the Governance Layer

Security Management

  1. Ability to ensure appropriate authentication based on proper roles
  2. Ability to ensure appropriate authorization based on proper roles
  3. Ability to ensure appropriate encryption of messages
  4. Ability to ensure appropriate audit logging of messages
  5. Ability to assure that access to resources has been given to the right identities, at the right time, for the right purpose
  6. Ability to monitor and audit access to resources for unauthorized or unacceptable use
  7. Ability to protect unstructured and structured data from unauthorized access and data loss, according to the nature and business value of information
  8. Ability to monitor and audit access to information
  9. Ability to address how software, systems, and services are designed, developed, tested, operated, and maintained throughout the software lifecycle including the use of technology as well as processes and procedures which are followed during all aspects of software development and deployment
  10. Ability to maintain the security status through proactive changes to the system, reacting to identified vulnerabilities and new threats, and through responding to detected incidents and reported problems
  11. Ability to identify, quantify, assess, and report on IT-related risks that contribute to the enterprise’s operational risk by providing all services to analyze and report security information and security events, and create alarms and insight
  12. Ability to provide the automation basis for security management
  13. Ability to provide and enforce policies for access control
  14. Ability to control access to individual data items in messages

IT Systems Monitoring and Management

  1. Ability to monitor, manage, and configure IT systems hardware, including operating systems which are part of an SOA solution
  2. Ability to monitor, manage, and configure IT network hardware systems which are part of an SOA solution
  3. Ability to monitor, manage, and configure IT storage hardware systems which are part of an SOA solution

Application and SOA Monitoring and Management

  1. Ability to coordinate overall QoS requirements for the SOA solution
  2. Ability to describe QoS NFRs
  3. Ability to manage solutions and services from solution delivery to solution termination
  4. Ability capture the percentage of executions that the solution does not fail
  5. Ability to capture the percentage of executions of the solution that execute within a prescribed period of time
  6. Ability to capture the metric for percentage of time that the solution is invokable
  7. Ability to capture the metric for the response time of network access to a service or solution
  8. Ability to react to infrastructure changes to maximize availability
  9. Ability to log or report on availability metrics
  10. Ability to evaluate the availability metrics against the NFRs (policy)
  11. Ability to capture metrics on performance of services and solutions
  12. Ability to change configuration and policy to ensure meeting SLAs
  13. Ability to change configuration and policy to ensure performance optimization
  14. Ability to support virtualization of resources to support performance optimization
  15. Ability to record, track, and monitor the cost of executing a specific solution
  16. Ability to monitor current status of the solution
  17. Ability to change the current status of the solution
  18. Ability to check QoS requirements for valid status
  19. Ability to issue events for non-compliance to QoS requirements
  20. Ability to measure, gather, evaluate, and test metrics against policies on a regular basis

Business Activity Monitoring and Management

  1. Ability to analyze this event information, both in real-time/near real-time, as well as stored (warehoused) events
  2. Ability to review and assess business and service activity in the form of event information and determine responses or issue alerts/notifications

Event Management

  1. Ability to interface with the Integration Layer and obtain events from the Integration Layer
  2. Ability to control issuance of events in the solution
  3. Ability to send issue events indicating non-compliance to QoS requirements
  4. Ability to subscribe to events issued by the solution
  5. Ability to log events and business messages
  6. Ability to control logging frequency and size

Policy Monitoring and Enforcement

  1. Ability to check QoS requirements for valid rules
  2. Ability to change rules to comply with QoS requirements
  3. Ability to change QoS requirements to comply with rules
  4. Ability to send events for non-compliance to QoS requirements
  5. Ability to evaluate policies
  6. Ability to resolve conflicts between policies
  7. Ability to enforce compliance with policies
  8. Ability to automatically respond and correct violations of policies (enforce)
  9. Ability to enable policy enforcement
  10. Ability to discover, analyze, transform, distribute, evaluate, and enforce security policies
  11. Ability to manage non-functional QoS solution requirements from solution delivery to solution termination
  12. Ability to manage lifecycle of policies
  13. Ability to represent policies
  14. Ability to author policies
  15. Ability to manage instances of policies
  16. Ability to change policies
  17. Ability to disable, discard, and discontinue policies
  18. Ability to monitor and capture metrics and status
  19. Ability to find and access policies
  20. Ability to evaluate policies at checkpoints or on metrics captured
  21. Ability to automate monitoring for violations of policy

Configuration and Change Management

  1. Ability to capture configuration (authoring tools)
  2. Ability to change configuration
  3. Ability to check QoS requirements for valid configurations
  4. Ability to change configuration to comply with QoS requirements
  5. Ability to send events for non-compliance to QoS requirements
  6. Ability to track and record changes, configuration, metadata, policy, etc., happening in the solution
  7. Ability to recover from or even reverse changes made to the solution
  8. Ability to ensure that changes are executed in compliance with relevant governance policies
  9. Ability to change metadata, including service descriptions
  10. Ability to propagate metadata changes to other repositories and descriptions

Data Repository

  1. Ability to store QoS policies and rules
  2. Ability to locate/find/return QoS policies and rules

Architecture Building Blocks (ABBs)

The ABBs responsible for providing these sets of capabilities in the Quality of Service Layer are:

Capability Category

ABB Name

Supported Capabilities

Command and Control Management

Command and Control Manager

1-6

 

Security-Aware Physical Asset Manager

7

 

Safety Manager

8

Security Management

Security Manager

9-12

 

Identity, Access, and Entitlement Manager

13-14

 

Data and Information Protector

15-16

 

Software, System, and Service Assurer

17

 

Threat and Vulnerability Manager

18

 

Risk and Compliance Assessor

19

 

Security-Aware Service Manager

20

 

Access Controller

21

 

Data-Driven Access Controller

22

IT Systems Monitoring and Management

IT Systems Manager

23-25

 

Server and Systems Manager

23

 

Network Manager

24

 

Storage Manager

25

Application and SOA Monitoring and Management

Services and Application Manager

26-45

 

Solution Manager

26 -27

 

Status Manager

41-44

 

Lifecycle Manager

28

 

Reliability Manager

29-30

 

Availability Manager

31-35

 

Performance Manager

36-39

 

Execution Cost Manager

40

 

Monitoring Metric Tools

45

Business Activity Monitoring and Management

Business Activity Manager

46-47

 

Business Activity Monitor

46-47

 

Activity Correlation Manager

46-47

Event Management

Event Manager

48-51

 

Integration Layer: Event Producer

50, 57

 

Integration Layer: Event Listener

51

 

Logging Manager

52-53

Policy Monitoring and Enforcement

Policy Enforcer

58-62, 70

 

Policy Monitor

71-74

 

Governance Layer: Policy Manager

63-70

 

Governance Layer: Business Rules Manager

54-56

Configuration and Change Management

Configuration Manager

75-79

 

Metadata Manager

73-84

 

Governance: Change Control Management

80-82

Data Repository

Governance: Repository

85-86

ABB to Capability Mapping for the Quality of Service Layer

Details of ABBs and Supported Capabilities

Details of ABBs

This section describes in detail each ABB in terms of its responsibilities.

Command and Control Manager

This ABB provides the command center for security management as well as the operational security capabilities for non-IT assets and services to ensure protection, response, continuity, and recovery. Its responsibilities include:

  • Providing the approving authority for security
  • Ensuring that physical and operational security is maintained for locations, assets, humans, environment, and utilities
  • Providing surveillance and monitoring of locations, perimeters, and areas
  • Enforcing entry controls
  • Providing for positioning, tracking, and identification of humans and assets; continuity and recovery operations

Security-Aware Physical Asset Manager

This ABB supports the ability to secure physical assets such as locations, facilities, services, inventory, physical access control, human identity, etc. Its responsibilities include physical and electronic surveillance, location perimeter control, asset and human identification, and tracking.

Safety Manager

This ABB is responsible for handling the safety features of a solution. A solution is considered safe if it is protected against predefined types of failure, damage, error, accidents, and harm.

Security Manager

This ABB is responsible for handling the security features of a solution. A solution is considered to have high security if it ensures authentication and authorization based upon proper roles.This ABB also changes, configures, and audits the security of the compliance, dispensation, and communication processes for the Governance Layer. It provides the binding to whatever standards policies are defined in the Governance Layer and the ability to enforce them (acting as a Policy Enforcer for security policies).

Identity, Access, and Entitlement Manager

This ABB is responsible for all capabilities related to roles and identities, access rights, and entitlements. This ABB provides trust management, identity lifecycle management, credential management, role entitlement, and compliance management. The goal of this ABB is to assure that access to resources has been given to the right identities, at the right time, for the right purpose. It also supports that access to resources is monitored and audited for unauthorized or unacceptable use. It also provides the ability to monitor and audit access to resources for unauthorized or unacceptable use.

Data and Information Protector

This ABB protects unstructured and structured data from unauthorized access and data loss while providing according to the nature and business value of information. It also ensures that access to information is monitored and audited.

Software, System, and Service Assurer

This ABB addresses how software, systems, and services are designed, developed, tested, operated, and maintained throughout the software lifecycle including the use of technology as well as processes and procedures which are followed during all aspects of software development and deployment. Its responsibilities include:

  • Structured design process
  • Threat modeling
  • Risk assessment
  • Design reviews for security
  • Source code review
  • Source code analysis
  • Dynamic application analysis
  • Source code control
  • Access monitoring
  • Code/package signing and verification
  • Quality assurance testing
  • Supplier and third-party code validation
  • Security problem and incident management of software and services

Threat and Vulnerability Manager

This ABB maintains the security status through proactive changes to the system, reacting to identified vulnerabilities and new threats, and through responding to detected incidents and reported problems. Its responsibilities includes vulnerability testing, vulnerability scanning, virtual patching, threat analysis, and risk analysis.

Risk and Compliance Assessor

This ABB enables IT organizations to identify, quantify, assess, and report on IT-related risks that contribute to the enterprise’s operational risk by providing all services to analyze and report security information and security events, and create alarms and insight. Its responsibilites include: security and compliance dashboard, forensics, reporting specially risk aggregration and reporting, compliance audit.

Security-Aware Service Manager

This ABB provides an automation basis for security management, including tie-backs to service management disciplines such as incident and problem management, change and release management, and asset management.

Access Controller

This ABB acts as a kind of policy enforcer providing access control and enforcing policies related to access control and rights. This includes the enforcement of “trust” policies such as authentication/authorization facilities for service invocation and message routing as well as access privileges for various participants to data. It typically supports authorization and authentication functionalities for registered participants, includingfederated authentication (single sign-on) and the ability to ensure that the appropriate audit logging is carried out. This ABB depends on the Governance Layer, that defines security policies, to retrieve security policies and act as a local policy decision point and local Policy Enforcement Point (PEP). It can include support for standards such as SAML (authentication and authorization), XDAS, and CBE (audit and logging). It leverages the Identity, Access, and Entitlement Manager ABB to fulfill its responsibilities.

Data-Driven Access Controller

This ABB supports access control on individual data items. It is a specialized kind of access controller and policy enforcer that enforces policies on individual data items. For example, in a claim processing scenario by an insurance provider, the tax identification number of a claimant is only to be viewed by a set of individuals who are certified to handle sensitive personal information. It leverages the Data and Information Protector ABB to fulfill its responsibilities.

IT Systems Manager

This ABB is responsible for the coordination of the systems manager, network manager, and storage manager to manage the SOA solution elements in a runtime environment.

Server and Systems Manager

This ABB is responsible for the systems manager of the runtime environment.

Network Manager

This ABB is responsible for monitoring network infrastructure performance, proactively identifying potential network issues and problems, and isolating and correcting network faults.

Storage Manager

This ABB is responsible for managing storage resources, including access to local, networked, and virtualized storage.

Services and Application Manager

This ABB is responsible for monitoring and managing the overall health of the applications such that an application must be available to be used (availability), must perform reasonably as stated in the NFRs (performance), must handle the information correctly (integrity), and must be able to recover the data that it has (reliability). Integrity and reliability are typically handled inside the application which uses several redundant storage and commit mechanisms to achieve integrity and reliability. On the other hand, the availability and performance of the application depends on its components that support the application and relationship and interconnection among the components. This ABB is responsible for understanding these relationships and presents the root cause of the application problem. This includes decomposing the application and understanding the individual component resource needs to be able to pinpoint resource problems on an application context. This ABB includes data collection agents responsible for collecting data and monitoring information in application servers. These collection agents run in the monitored application servers and send monitoring information to the management server. There could be specific collection agents for different types of environment such application servers, mainframe/CICS, etc. This ABB also includes a management server that serves as heart and brain of this ABB and is responsible for processing the data collected and sent by data collection agents and presents management data on a dashboard.

Solution Manager

This ABB is the center of the Quality of Service Layer. It coordinates the management of the solution and all of the other ABBs. This ABB is responsible for coordinating solution lifecycle, security, availability, configuration,and change.

Status Manager

This ABB supports the ability to track and change the lifecycle and availability status of services. It is used by the Services Layer.

Lifecycle Manager

This ABB is responsible for managing solution-level QoS requirements during the period of a solution’s lifecycle, from the time when the solution is delivered to the time when the solution is terminated or discarded.

Reliability Manager

This ABB is responsible for handling the reliability feature of a solution. It refers to the percentage that a solution can be successfully executed without failure during a certain period of time.

Availability Manager

This ABB is responsible for handling the availability feature of a solution. Since a solution here refers to an SOA-oriented business solution, it implies a network-based service accessible remotely. Due to unpredictable network features, a solution is considered with high availability if its delay is always below some predefined threshold.

Performance Manager

This ABB is responsible for capturing metrics on performance of services and solutions and recording or reporting these metrics if they do not adhere to relevant policies or they exceed thresholds. This ABB can change configuration and policy to ensure meeting SLAs and/or to ensure performance optimization. This ABB may be expected to support management of virtualized resources in order achieve performance optimization.

Execution Cost Manager

This ABB is responsible for recording, tracking, and monitoring the cost needed to execute a specific solution.

Monitoring Metric Tools

This ABB measures, gathers, evaluates, and tests metrics against policies on a regular basis. Metrics are gathered on SOA services, governed processes, and governing processes. This ABB interacts with the Policy Enforcer ABB.

Business Activity Manager

This ABB enables the event information to be analyzed, both in real-time/near real-time, as well as stored (warehoused) events using the Activity Correlation Manager ABB. It provides event-based analytic functionality, the ability to perform scenario analysis, and sense and respond capability. It uses the Activity Correlation Manager ABB to carry out complex, real-time/near real-time analysis to determine and trigger complex events as well as render real-time trends in business activity. It uses different channels to support alerts and notification about the occurrence of events, and supports continuous monitoring of events. This capability helps organizations to proactively react to both threats as well as opportunities. An example of an opportunity might be a customer’s pattern of buying triggering a sales recommendation or particular business process flow. An example of threats might be the loading of processes by a particular key insurance quote process, with the trending to failure, or the occurrence of a particular sequence of events in a nuclear power plant.

Business Activity Monitor

This ABB monitors the event, business activities in a business processes, and services. It interfaces with the Integration Layer to handle notification and propogation of events.

Activity Correlation Manager

This ABB reviews and assess inbound business and service activity in the form of event information and determines responses or issues alerts/notifications.

Event Manager

This ABB controls the issuance of events in the solution. It controls the ability to issue and subscribe to events and any logging or processing of the events.

Integration Layer: Event Producer

See Event Producer ABB in the Integration Layer.

Integration Layer: Event Listener

See Event Listener ABB in the Integration Layer.

Logging Manager

This ABB is responsible for configuring and enabling logging of events and business messages. Logging frequency and log size should be configurable.

Policy Enforcer

This ABB is responsible for enforcing QoS policies including security policies and serves as Policy Enforcement Points (PEPs) in all the horizontal layers and other cross-cutting layers in the SOA RA. It is important to note that this ABB logically also includes the responsibilities of a security policy enforcer.

This ABB interacts with the Governance Layer to retrieve the policies stored there and enforce them locally in each layer. It provides the binding from whatever standards or formats the policies are written in to the formats needed to enable the ability to enforce them. The intersection or instantiation of this ABB for different layers of the SOA RA represent the PEPs in the architecture.

This ABB may execute diverse policies associated with lower-level message functionality such as addressing transformation, routing, caching, compression, and other content handling functions provided by Integration Layer and other layers in the SOA RA. The specific packaging functionality varies among vendor implementations and can be packaged in software and/or hardware (firmware).

The places where policies are actually applied and enforced change depending on the lifecycle stage.

The registry/repository itself is the point of enforcement during design time. Policies are generally enforced by the underlying message transport system that connects service providers with consumers during runtime. Often, the service container provides the ability to enforce policies, ensuring the services’ compliance with their SLAs. Finally, policies are typically enforced by the IT management system during maintenance and manage phase of the lifecycle.

This ABB representing the PEPs can be implemented in software or as a standalone network device such as an appliance. It is any hardware-based, high-performance functional component that intercepts, inspects, filters, and performs content-aware policy-driven processing on application messages and their payloads. It can also be implemented in conjunction with other network device functionality: co-processors, proxies, gateways, blade servers, routers, grids, and other configurations.

The Policy Manager ABB in the Governance Layer sets and updates the policies to be enforced. The Policy Monitor ABB monitors to ensure the policy enforcers are executing correctly.

Policy Monitor

This ABB enables automation of monitoring for violations of policy. It includes checkpoints in SOA processes and is an integral part of compliance processes policy. This ABB obtains its policies from the Policy Manager ABB in the Governance Layer. This ABB is passive and interacts with the Policy Enforcer ABB to take any actions when violations are detected. It is responsible for:

  • Capturing real-time collection and statistical analysis for display
  • Providing a management console for visibility into the management of distributed network of PEPs and the status of these enforcements
  • Logging and aggregating measurements and highlighting significant events
  • Correlating, analyzing, and visualization of data fed in by the Policy Enforcer ABB at various PEPs

Governance Layer: Policy Manager

See Policy Manager ABB in the Governance Layer.

Governance Layer: Business Rules Manager

See Business Rules Manager ABB in the Governance Layer.

Configuration Manager

This ABB is a set of tools used to define the configuration of SOA solution and processes being governed, as well as to configure tools used to implement and enforce governance. These tools may be driven in an automated way to adjust configurations based on monitoring, policy enforcement, compliance, and dispensation processes.

Ideally, it also supports identifying and preventing improper configurations based on dependencies between ABBs. It enables dynamic configuration of ABBs on-demand. If ABBs are fine-grained, they will be more flexible if they are configured based on specified rules. This configuration can be handled in the following two ways:

  • Through template-based configuration, where a user can select a specific template based on the corresponding service request scenario. The system will select all the rules associated with this template and configure the ABBs to support the rules. This requires scenario templates to be created and stored in a repository to be selected when needed.
  • Through dynamic template creation, where a user selects certain characteristics and the system will determine the appropriate rules and configure using relevant ABBs at runtime. For instance, a user may require that the system adopt an industry messaging standard and satisfy some SLAs. Based on these requirements the system during runtime will select the appropriate data transformation, protocol conversion, and service providers that meet the SLAs.

Metadata Manager

This ABB is responsible for managing metadata in repositories.

Governance: Change Control Manager

See Change Control Manager ABB in the Governance Layer.

Governance: Repository

See Repository ABB in the Governance Layer.

Structural Overview of the Layer

The ABBs in the Quality of Service Layer can be thought of as being logically partitioned into categories which support:

  • Ability to provide the command center for security management as well as the operational security capabilities for non-IT assets and services
  • Ability to manage and monitor security and secure solutions
  • Ability to monitor and manage IT infrastructure and systems
  • Ability to monitor and manage software services and applications
  • Ability to monitor and manage business activities and business processes and associated KPIs
  • Ability to manage events
  • Ability to monitor and enforce a multitude of policies and corresponding business rules
  • Ability to change solution configuration and descriptions
  • Ability to store and access policies and business rules

ABBs in the Quality of Service Layer ABB illustrates the ABBs partitioned into key categories:

ABBs in the Quality of Service Layer ABB

ABBs in the Quality of Service Layer ABB

Inter-Relationships between the ABBs

Relationships among ABBs in the Quality of Service Layer illustrates the key relationships amongs the ABBs in the Quality of Service Layer for management of the solution in an operational environment.

Relationships among ABBs in the Quality of Service Layer

Relationships among ABBs in the Quality of Service Layer

Relationships among ABBs for Command and Control Management and Security Management in the Quality of Service Layer

Relationships among ABBs for Command and Control Management and Security Management in the Quality of Service Layer

Significant Intersection Points with other Layers

Interaction with Cross-Cutting Layers

The Quality of Service Layer depends on other cross-cutting layers in the SOA RA to fulfill its responsibilities:

  • It depends on Integration Layer for service integration (adapters), service mediation, message routing and transport, asynchronous messaging, event brokering and listening, transaction management, data aggregation, message, semantic, data and protocol transformation, and exception handling. The Solution Manager ABB uses the Event Producer ABB and Event Listener ABB in the Integration Layer to produce and listen to events.
  • It depends on the Governance Layer for definition of policies and associated business rules and responses (dispensations and appeals) to non-compliance and exceptions. The Solution Manager ABB works with the Repository ABB and Policy Manager ABB in the Governance Layer. The relationship of the Quality of Service Layer with the Governance Layer is significant because the Governance Layer contains the processes for identifying and setting the business policies and objectives that generate the QoS NFRs.
  • It depends on the Information Layer for definition of events.

The Quality of Service Layer is used by other cross-cutting layers to fulfill their respective responsibilities; for example:

  • The Policy Enforcer ABB is leveraged by the Integration, Information Architecture, and Governance Layers to enforce multitude of policies for the respective layers.
  • The Access Controller ABB is leveraged by the Integration, Information Architecture, and Governance Layers to enforce security and access control policies for the respective layers.
  • The Data-Driven Access Controller ABB is leveraged by Information Layer to enforce access control policies based on individual data items.

Key Interactions of the Quality of Service Layer with Cross-Cutting Layers

Key Interactions of the Quality of Service Layer with Cross-Cutting Layers

Interaction with Horizontal Layers

It should be noted that the Solution Manager ABB interacts with all other layers: Consumer Layer, Business Process Layer, Service Layer, Service Component Layer, Operational Systems Layer, Integration Layer, Information Layer, and Governance Layer. There are other specific uses of the Quality of Service Layer and its ABBs by horizontal layers such as:

  • The Policy Enforcer ABB is leveraged by the Consumer, Business Process, Service, and Service Component Layers to enforce a multitude of policies for the respective layers.
  • The Access Controller ABB is leveraged by the Consumer, Business Process, Service, and Service Component Layers to enforce security and access control policies for the respective layers.
  • The IT Systems Manager ABB manages all the resources in the Operational Systems Layer.
  • The Status Manager ABB is updated by the Service Container when a service changes status.
  • All layers collaborate with the Quality of Service Layer via the Solution Manager ABB which coordinates the QoS and security needs of the SOA solution.

Key Interactions of the Quality of Service Layer with Horizontal Layers

Key Interactions of the Quality of Service Layer with Horizontal Layers

Usage Implications and Guidance

The Quality of Service Layer establishes NFR-related issues as a primary feature/concern of SOA and provides a focal point for dealing with them in any given solution. It provides the means of ensuring that an SOA meets its requirements with respect to, for example:

  • Reliability
  • Availability
  • Manageability
  • Scalability
  • Security

Finally, it enhances the business value of SOA by enabling businesses to monitor the business processes contained in the SOA with respect to the business KPIs that they influence.

A significant issue with SOA is security due to its potential perimeter-less nature as opposed to the traditional, web-based, “within the firewall” kind of application. SOA security, which is perimeter-based security, is a capability realized by the Quality of Service Layer.

 

 

 

The Open Group
Platinum Members
HP IBM Oracle Philips