Oracle Integration

SOA Software’s Service Manager™ integrates with Oracle’s BPEL Business Process Manager and related products.  With Oracle exposing and consuming Web services as part of their next-generation of eBusiness Suite, version 11.5.10, the Service Manager provides Oracle customers with the ability to implement Web services with end-to-end security, location transparency, SLAs, and quality of service. With the Service Manager, Oracle’s process tools can now enable the benefits of an SOA by abstracting all the complexity of consuming Web services away from the process tools, bringing true agility for the first time to a loosely coupled heterogeneous environment.

Integration with Oracle eBusiness Suite 11.5.10
As a comprehensive platform for XML and Web services security and management, the Service Manager can be used to extend the functionality of the Oracle eBusiness Suite 11.5.10 Process Manager and enable a secure, manageable Service-Oriented Architecture that leverages Oracle technology.  The Service Manager provides the following security and management functionality for Web services exposed in your enterprise through Oracle 11.5.10:

• Centralized Policy Management
• Performance Monitoring and Reporting
• Security Enablement, Enforcement and Auditing
• Provisioning, Contracts and SLA management
• Web Services Publishing, Search and Discovery via UDDI
• Multi-protocol message transport for quality-of-service

Integration with Oracle BPEL Process Manager
SOA Software’s Service Manager can be used to extend the functionality of the Oracle BPEL Process Manager and enable a complete Business Process Management solution based on Web services.

• Securing and Managing the BPEL workflow - SOA Software’s Management Point™ can be used to secure and manage the BPEL workflow because the BPEL workflow is a Web service defined using a WSDL.  As a result, the communication/invocation from a client application that uses SOA Software’s Gateway™ can be secured and monitored.
• Securing and Managing Web Services that are part of the BPEL workflow - In this scenario, the Management Point is used to secure and manage the underlying Web services that are part of the BPEL workflow.  The BPEL workflow may have several Web services with various security and monitoring requirements which can all be managed using the Management Point.
• Monitoring the BPEL workflow with SLAs - The Service Manager has the ability to monitor Web service performance and enforce SLAs that are associated with the BPEL workflow.  The DESM can generate alerts in case of SLA violations.

SOA Software Announces Record Growth in Production Environments

Los Angeles, Calif., Sept 3, 2008—SOA Software, a leading Integrated SOA Governance Automation vendor, announced today that the number of transactions processed by its systems each month grew by 400%, to over 2.5 billion transactions a month.  The growth was due to the expansion of existing production systems and the deployment into production of new SOA Governance systems.

SOA Software attributes this dramatic growth in production usage to the rapid expansion of the market driving demand for SOA Governance solutions, the maturity and performance of SOA Software’s products, the SOA Governance Certification with major Platform vendors such as IBM, JBoss, Microsoft and SAP, and its ability to meet the needs of the most demanding customer environments.

Using SOA Software’s products, enterprises can align people, processes and technology to deliver a successful SOA program.  SOA Software’s products reduce the cost and risk in an enterprise SOA program, helping customers build the right services, build services the right way, and run services the right way by providing a platform-independent Integrated SOA Governance Automation solution.  SOA Software’s products offer exceptionally low-latency, coupled with the ability to scale nearly limitlessly, while ensuring the availability and security of enterprise services.

In a further strengthening of SOA Software’s market position, the company has certified IBM, Microsoft, SAP, and RedHat JBoss through its Governed Service Platform Certification Program providing customers and integrators with the confidence to use these platforms as part of a heterogeneous enterprise SOA environment.

Our Governed Service Platform Certification program gives companies the confidence to implement SOA solutions at scale in mission critical production environments,” said Paul Gigg, president and chief executive officer of SOA Software.  “SOA Software continues to set the pace for deployed SOA Governance production systems.”

About SOA Software

The world’s largest companies including Merrill Lynch, Verizon, and Pfizer use SOA Software to quickly and confidently realize the value of SOA.  SOA Software’s platform-independent Integrated SOA Governance and Mainframe SOA products process over 2.5 billion mission critical transactions per month, ensuring the relevance, security, reliability, and performance of services and applications. For more information, please visit http://www.soa.com.

SOA Software, Policy Manager, Repository Manager, Service Manager, and SOLA are trademarks of SOA Software, Inc. All other product and company names herein may be trademarks and/or registered trademarks of their registered owners.

Compuware

Founded in 1973, Compuware is one of the world’s largest independent service/software companies, with annual revenue exceeding $1 billion. We have more than 23,000 customers in 93 countries, and serve the world’s largest IT organizations—including 95 percent of the Fortune 100. We offer a powerful set of integrated enterprise IT solutions to accelerate the development, improve the quality and enhance the performance of business-driving applications.  With offices in 60+ locations worldwide, Compuware is a global industry leader in providing business value through software and professional services that optimize productivity and reduce costs throughout the IT life cycle.

http://www.compuware.ca/en/solutions/soa/offering.htm

SOA Software Selected by AlwaysOn as Top Private Company For The Third Consecutive Year

Los Angeles, Calif., July 21st, 2008—SOA Software, a leading Integrated SOA Governance Automation vendor today announced that for the third straight year, it has been chosen by AlwaysOn as one of the prestigious AO Global 250 Winners. Inclusion in the AO Global 250 signifies major developments in the creation of new business opportunities in the global technology industries. SOA Software was specially selected by the AlwaysOn editorial team and other industry experts spanning the globe, based on a set of five criteria: innovation, market potential, commercialization, stakeholder value, and media buzz.

SOA Software and the AlwaysOn Global 250 Top Private Companies will be honored at the AlwaysOn & STVP Summit at Stanford scheduled to occur on July 22-24, 2008 at Stanford University. This two-and-a-half day executive event highlights the significant economic, political and commercial trends disrupting the global technology industries and features the most innovative companies, eminent technologists, influential investors and journalists in keynote presentations, panel debates and private company CEO showcases. Fifty of the top CEOs from the AO Global 250 will present their market strategies to a panel of industry experts in a “CEO Showcase.” SOA Software will be presenting on July 23, 2008.

“The AO Global 250 winners have excelled in key strategic areas in the global technology markets,” said Tony Perkins, founder and CEO of AlwaysOn.  “We congratulate them for their success in introducing new tools, services, and platforms that are driving the next phase of innovation and creating real value at an economically uncertain time.”

The AO Global 250 was selected from over hundreds of companies, nominated by a panel of industry experts in the online technology, media, entertainment, enterprise and greentech sectors from around the world. A full list of all the AO Global 250 winners can be found on the AlwaysOn Web site at http://alwayson.goingon.com/permalink/post/27959

With the Always On recognition at the upcoming Summit, SOA Software joins a prestigious group of organizations and individuals who provide successful cutting edge products and services in the technology industry.  Since 2002, SOA Software has provided its customers with products to accelerate their adoption of SOA. The company’s products provide a comprehensive Integrated SOA Governance Automation solution. They offer lifecycle governance, security, management and mediation of SOA, ensuring the security, reliability, performance and ease of development of service-oriented business applications. The company provides the industry’s fastest and most scalable solution for platform-independent Integrated SOA Governance Automation.

“SOA Software is particularly proud to be recognized by AlwaysOn for three years in a row,” said Paul Gigg, President and CEO of SOA Software. “This recognition serves as a testament to our success in the marketplace. We will continue doing what we do well- being an SOA industry thought leader and providing the very best Integrated SOA Governance products and services that help companies maximize their SOA investments”

About SOA Software

SOA Software’s industry-leading Integrated SOA Governance Automation products provide accountability and control over enterprise SOA programs.  The world’s leading organizations including Merrill Lynch, Verizon, and Pfizer rely on SOA Software’s collaborative lifecycle solutions to build the right services the right way, and to protect their investments by ensuring the performance, availability and security of services on all their distributed and mainframe platforms.  For more information, please visit http://www.soa.com.

SOA Software, Policy Manager, Repository Manager, Service Manager, and SOLA are trademarks of SOA Software, Inc. All other product and company names herein may be trademarks and/or registered trademarks of their registered owners.

About AlwaysOn

AlwaysOn ignited the open-media revolution in early 2003 by being the first media brand to launch a community blog network.  In 2004, AlwaysOn continued to lead the industry in innovation by engaging its bloggers in a social network. AlwaysOn is also revolutionizing the media business by applying its open-media principles to its executive event series (Stanford Summit, OnHollywood, OnMedia, GoingGreen, NordicGreen, and Venture Summit East and West) and quarterly print “blogozine”. No other media brand has dared to create such open interaction with its readers and event participants.

Pricing

Pricing available upon request.  Please contact a sales representative at .

SOA Software is licensed per user and per CPU, based upon the modules required.  Enterprise site pricing is available for larger customers.

Always On Global 250 Award Winner 2008

SOA Software is proud to announce a third consecutive year winning an Always On Award
web site

Enterprise SOA and the Mainframe Solutions

Jump to:

• What is Mainframe SOA?
• Essential Components of Mainframe SOA
• SOLA - the only Mainframe SOA Solution
• Build Your Own
• SOLA - Fully Assembled, Governance Built In
• Enterprise SOA is more than just a jigsaw puzzle
• Why can “free” be expensive?
• SOLA Cost Savings
• SOLA Performance - CPU time is money
• SOLA Stability
• SOLA Features and Advantages
• SOLA Development Environment
• SOLA Deployment Container
• Future Releases
• SOLA Governance

What is Mainframe SOA?

The terms Web Services and SOA are often used interchangeably, but the reality is that they’re quite different.  Let’s begin by describing what SOA isn’t, and we’ll leave that to Joe McKendrick and Dave Linthicum:

• An effective, functioning service-oriented architecture requires governance, and the ability to share services across multiple business units and enterprises.  It’s easy to build Web services.  You could build 10 of them in an afternoon.  But, then you end up with a JBOWS architecture (Just a Bunch of Web Services), which will grow into a different sort of SOA; a Spaghetti-Oriented Architecture.
  Joe McKendrick, analyst and editor with Webservices.org

• SOA is a true systemic change in the way you approach enterprise architecture. That’s where the value is, and not just Web service-enabling your systems, or purchasing and implementing products with the “SOA hype label” bound to them.
  Dave Linthicum, well known author, professor and writer

So what is Mainframe SOA, and how can you achieve it?  The answer is surprisingly simple; Service Oriented Architecture is an architectural methodology for the loose coupling and management of services.  The emphasis in SOA is on the “A”.  SOA uses loosely coupled, interoperable and composeable services.  These services have well-defined interfaces as well as QoS attributes (or policies) on how these interfaces can be used by Service Consumers.

SOA is concerned with manageability, reliability, security and change management.  Collectively these terms are known as “Governance”.  In order to bring SOA to a mainframe environment, companies must apply Governance to any implementation of Web Services.

back to top

Essential Components of Mainframe SOA:

It’s essential that your SOA solution considers the following categories.  Failure to do so can lead to an ungoverned mess, or “Just a Bunch Of Web Services”

SOAP & XML Capability: SOAP and XML capability (commonly called “web services”) is the foundation of SOA.  Many vendors only offer mainframe web services, ignoring the other components of SOA.

Security: security is essential when integrating mainframe applications, especially those dealing with sensitive data.  The only viable solution to Web Services security is to use WS-Security, which is the widely accepted standard for securing services.

Policy Management: policy management is the heart of SOA governance.  A policy can define how a service can be used, who can use it, what security is required and much, much more.  Policy management based on WS-Policy standards is essential.

Registry: the Holy Grail of SOA is reuse.  The key to reuse is discovery of services.  This is accomplished by publishing services in a Registry.  A registry provides for reuse and discovery and is an essential ingredient in SOA governance.

Monitoring, Logging & Audit Controls: effective Governance requires measurement, for without measurement you will be unable to judge whether your services are meeting service level agreements.  Monitoring, logging and audit capability are essential building blocks of Governance.

Development Tools: it is impossible to develop services without the use of a comprehensive development tool.  The tool needs to be powerful and it must allow management of your SOA.  It must be easy to use; there shouldn’t be a steep learning curve requiring extensive training.  Finally, it should not consume enormous resources on a developer’s work station (ideally it should be “thin client”).

Support for Architectural Standards: a viable SOA must be adaptable to a wide range of architectural standards, particularly yours.  Features such as flexible web service development (bottom-up, top-down or meet-in-the middle), configurable dictionary, customizable access and environments, etc. are all hallmarks of an adaptable SOA.  The bottom line is that your solution should fit the way you do things, not the other way around.

Change and Release Management: an often overlooked aspect of service development is the “service lifecycle”.  Integrated change and release management is essential to allow you to effectively manage change in your environment.  Ideally your SOA solution should integrate into your existing change management procedures, and should provide you with impact analysis when a service is changed.

Workflow Management: orchestration is perhaps the most misunderstood aspect of service development.  Some people consider that a 3270 business transaction, because it involves a conversation, requires a proprietary orchestration tool to make it work.  In fact, a better approach is to use a tool that is smart enough to understand a “business use case”, and to publish that as an atomic service, without the need for proprietary orchestration to “glue together” the screen transitions.  It is services themselves that need to be orchestrated, and that orchestration should be performed using industry standard techniques.  The only acceptable technique for orchestration is to compose services using “Business Process Execution Language (BPEL).

back to top

SOLA - the only Mainframe SOA Solution

More than ten years after the predicted demise of the mainframe, the platform is anything but dead.  The bulk of the Fortune 1000 still run the majority of their critical systems on the mainframe, and these companies do so because the mainframe is reliable, scalable and efficient – the average mainframe application offers considerably lower TCO than an equivalent distributed application, and does so at lower risk.

The challenge facing corporate IT departments today is how to leverage exiting investments in mainframe systems and applications by allowing them to be active participants in enterprise wide SOA.  Most importantly, the mainframe must participate in SOA without compromising its advantages in performance, reliability or cost effectiveness.  To truly leverage the mainframe, it must become a first class participant in an enterprise SOA.

SOLA is the market’s most complete mainframe SOA solution.  SOLA is the fastest, most reliable, most efficient and most economical mainframe SOA enablement platform.  It is the only mainframe SOA product that’s used in high volume (10,000,000+ transactions per day) mission critical applications by some of the best known firms on the Fortune 500.

back to top

Build Your Own

There are several vendors in the space that offer mainframe web services coupled with one or more components of mainframe SOA.  IBM’s CICS TS v3.x also provides SOAP and XML capability upon which a solution can be built.

Regardless of which option you chose, if you do not buy a complete SOA solution, you will be faced with the daunting task of integrating several components to create a viable mainframe SOA.  As mainframe SOA is relatively new, not every category has a matching product.

back to top

SOLA - Fully Assembled, Governance Built In

SOLA is the only product in the space that offers a complete mainframe SOA solution out of the box.  SOLA provides proven, quick, efficient and cost effective application integration by publishing legacy applications as Web Services and providing every single component of a viable mainframe SOA.

• SOLA is the only enterprise class mainframe SOA solution.
• SOLA offers end-to-end governance and unlimited scalability.
• SOLA runs the world’s largest mainframe SOA implementations.
• SOLA offers integrated monitoring, logging, auditing, WS-Security and WS-Policy on the mainframe
• SOLA implements the entire SOAP stack on the mainframe, inheriting the mainframe platform’s legendary speed, reliability, scalability and manageability.
• SOLA offers a complete SOA solution; there is no need to integrate multiple products when building an enterprise-class SOA .
• SOLA is the only mainframe SOA product to offer closed-loop Governance automation.
• SOLA is the only secure, standards-based, and governable product in the space.

back to top

Enterprise SOA is more than just a jigsaw puzzle

As important as the essential components of enterprise SOA are, they are a single dimension of a more complex issue.  SOLA was designed from the ground up to address the entire spectrum of mainframe SOA issues.

back to top

Why can “free” be expensive?

There are other tools available to help you develop your own Mainframe SOA solution.  IBM’s CICS TS v3.x provides the foundation (SOAP and XML capability) for mainframe SOA built into CICS.  It is very tempting to believe that you can avoid purchasing a product and work with this “free” capability to create your own mainframe SOA. 

Free can be the most expensive option:

• Extended development times
• Higher CPU costs
• Third party solutions for monitoring and metrics
• Security vulnerabilities due to complexity
• Production outages due to complexity
• Lower operational efficiency due to complexity
• Training costs from not leveraging human assets
• Hardware costs for middle-tier servers and upgrading workstations

back to top

SOLA Cost Savings

SOLA is not only cost effective, it pays for itself in short order:

• Constant and ongoing savings due to low MIPS overhead
• Reliable – minimizes support costs
• No need to rewrite legacy apps or to write wrapper programs
• No need to upgrade developer workstations
• No need for cross platform skill training
• Fully scalabale – no need for major overhauls to increase capacity

SOLA is proving its worth in production every day in one of the most demanding industries in the world – the financial services industry.  At one customer over 200 legacy applications expose hundreds of Web Services using SOLA.  Clients estimate that SOLA saved each application $0.5 to $2 million through cost avoidance and direct savings.

• “We had estimated about $800K using traditional technology to build a system. But by embracing SOLA we did the project for $30K.”
  John McKinley, former CTO, Merrill Lynch
• “SOLA gives us a competitive advantage by allowing us to bring products to market quicker than our competitors.”
  Andy Brown, former Chief Technology Architect, Merrill Lynch

back to top

SOLA Performance – CPU time is money

SOLA includes a compliant non-validating parser (the SOLA DOM parser).  Extensive performance tests were conducted to estimate the impact of parsing XML on a mainframe.  The results were as follows:

• The SOLA assembler parser takes around 0.0001 CPU seconds to parse 1,000 bytes.
• Parsing 1,000 bytes (a typical input XML message size) adds less than 1% to most transactions.
• At a typical chargeback rate of $0.20 per CPU second, parsing 1,000 bytes would cost $0.000020. That amounts to a minuscule $20 to parse 1 million transactions.
• SOLA is built for high performance and high transaction volume.  Several customers report running up to 10 million transactions per day through SOLA.

To test the difference in performance between SOLA and CICS TS 3.2, we wrote a COBOL program containing various data types.  The goal of the program was to generate a large XML response to put both products through their paces.  When we attempted to import the program using CICS Web services assistant, the import failed because the program contained many unsupported data types.  SOLA imported the same program without any issues.

To make the comparison fair, we altered the program to remove the data types that IBM couldn’t handle, then imported the modified program using both Web services assistant and SOLA.  This program was similar to the original, but lacked some functionality because of IBM’s limitations.

We ran the program1000 times in both environments:

IBM: 46.1 seconds for 1000 web service invocations, or 0.046 CPU seconds per call.

SOLA: 7.5 seconds for 1000 web service invocations, or 0.007 CPU seconds per call.

RESULT: SOLA was approximately 615% faster than CICS TS v3.2.

back to top

SOLA Stability

Millions of transactions have been processed through SOLA during extensive stability tests.  No failures were experienced. SOLA has been in production for five years – no production failures have been experienced.  To date, billions of transactions have been processed by SOLA.

back to top

SOLA Features and Advantages

SOLA has several significant advantages over competitive products. Taken together these features provide lower cost and greater productivity.

SOLA Features

• Leverage Human Assets
  All competitive products create services from existing mainframe programs, but only SOLA leverages human assets. With SOLA the mainframe programmer – the person who knows the program the best – creates the services. Competitive approaches expect the distributed programmer – the person who knows the program the least (if at all) to create services.
  
  

• Global Dictionary
  One of SOLA’s many features is an integrated global dictionary that allows for the automatic translation of COBOL field names without affecting the source program.  The SOLA dictionary centralizes translation services, therefore minimizing duplication of effort for developers.
  
  

• Security based on WS-Security and WS-Policy
  SOLA security is based on WS-Security and WS-Policy standards and implemented on the mainframe.  By implementing WS standards on the mainframe, SOLA provides efficient and flexible security, obviating the need for a middle tier security agent.
  
  

• Batch Capability
  SOLA provides a number of significant features that are available to the z/OS batch programmer.  Firstly, the SOLA DOM parser and API provide the batch programmer with methods to easily and inexpensively consume and create XML documents.  Secondly, the SOLA outbound support is also available to the batch programmer, making it simple for a batch program to consume an outbound web service.
  
  

• Browser based Web 2.0 development environment
  With SOLA there’s no workstation software to install – the entire SOLA development toolset runs in a browser. This is a huge advantage – in our experience the majority of developers don’t have workstations that are powerful enough to run the “previous generation” development toolsets provided by competitors.

• Support for Architectural Standards
  Using the combination of the SOLA dictionary, WSDL-first development and powerful WSDL customization features, SOLA can publish web services that comply with any and all possible architectural standards.
  
  

• WSDL-First Development
  A lot of mainframe shops that are adopting SOA develop WSDL that complies with their architecture standards before creating web services. SOLA allows developers to create services that comply with an existing WSDL as well as create services from scratch that generate their own definitions.  The SOLA dictionary can be leveraged to make this process faster and easier.
  
  

• UDDI Directory
  All services created by SOLA are automatically published to an external UDDI 3.0 registry, which ensures that services exposed by SOLA are visible and useable within the enterprise.
  
  

• Standards Based
  SOLA is a standards based solution, allowing interoperability across platforms, operating systems and programming languages.  Being standards based also allows SOLA to expand and evolve without cumbersome enterprise-wide revisions, giving it unparalleled reusability and growth potential.
  
  

• Customization APIs
  SOLA provides customization APIs that allow customers to add capabilities beyond the product’s existing feature set.  These APIs allow the user access to SOLA processing at various points in the SOAP stack so that processing can be manipulated by user specific application code.  These APIs also support custom security exits.  Custom APIs can be defined at the installation level or at the individual method level.
  
  

• Orchestration
  SOLA provides orchestration using BPEL (Business Process Execution Language for Web Services).  BPEL is an XML based standard for designing, defining, implementing, and deploying composite web services, including business logic, sequencing, exception handling and process decomposition. BPEL is supported by the SOLA run-time engine.
  
  

• Dashboard
  The SOLA dashboard allows you to keep an eye on your web services, regions and more with a graphic user interface that provides at-a-glance status information, as well as access to SOLA’s monitoring, audit and error logs.
  
  

• XACML Authorization
  SOLA allows you to create your own authorization protocols to suit the way your organization functions rather than forcing you to adapt to a rigidly defined authorization structure.

SOLA Advantages

• Publishes legacy applications as Web Services, allowing them to easily integrate with .Net, J2EE or any other development environment.
• Can create web services from Commarea programs, 3270 transactions, stored procedures, Adhoc SQL and Callable APIs.
• Inbound and outbound web services support (the mainframe can act as a web services server or a web services client)
• Proven and Enterprise ready
• Requires no middle tier hardware or software, runtime runs entirely on the mainframe for improved performance and increased reliability.
• WC3-compliant Assembler XML parser for superior performance and low parsing costs.
• Easy to use and deploy – “one click” creation of web-services.
• Single sign-on using LDAP or SAML 2.0
• Outbound services support for SSL/TLS and proxy
• Supports both http and MQ transport layers
• Eliminates the need for cross platform skills training (no Java or Visual Basic skills are required to publish Web Services from legacy applications using SOLA)
• Includes comprehensive monitoring and error logging for easy problem diagnosis and resolution
• Integrated testing and debugging tools
• CICS 3.x Integration – If required, SOLA can be integrated directly into the CICS 3.x pipeline.

Furthermore, no coding is required to publish Web Services with SOLA. It is simple and easy to use with a minimal learning curve. An integrated test harness allows the developer to test and validate their Web Services with just a few mouse clicks.  Finally, SOLA is proven in extensive mission critical production systems today.

SOLA is already helping to achieve the pinnacle of application integration - reuse. Business functions previously isolated in legacy applications are now open for reuse by other applications in new and innovative ways.

Other solutions require extensive middleware (hardware and software). Although the initial cost of these solutions appears economical the ongoing support and management is cost prohibitive.

back to top

SOLA Development Environment

The SOLA Development Environment uses a J2EE compliant server and requires no workstation software to be implemented. The full features of the development environment are accessible through a browser.

SOLA COMMAREA Analyzer
The SOLA COMMAREA Analyzer is used to analyze programs that expose a communications area interface.  The analyzer reads a program’s compile listing, parses the COMMAREA and determines how the fields within the COMMAREA are used.  It then produces a WSDL file documenting the interface, a test harness and a run-time metadata template.  The template can be moved to production using standard change management procedures. The program will be automatically documented in the SOLA directory.

SOLA 3270 Analyzer
The SOLA 3270 Analyzer implements an interactive graphical interface. Using this tool, developers execute the application by going through the application’s screens/maps.  SOLA automatically records the interactions and aggregates them into a single web service (e.g. a multi-screen update transaction will be published as a single web service).  It then produces a WSDL file documenting the interface, a test harness and a run-time metadata template.  The template can be moved to production using standard change management procedures. The aggregated transaction is automatically documented in the SOLA directory.

SOLA Outbound Analyzer
The SOLA Outbound Analyzer allows developers to import the WSDL representing an external web service and then analyze the operations of that service to create callable methods.  The analysis automatically creates COBOL or PL/I copybooks that represent the interface to the operations.  This approach allows programmers to execute an external Web Service with a simple “CICS Link” command.

The SOLA UDDI Directory
The SOLA UDDI Directory is maintained in DB2.  All Web Services created by SOLA are fully documented in the SOLA Directory and are organized by project.  Since it is a UDDI directory, it is searchable in a variety of ways. 

The SOLA Testing Facilities
SOLA automatically creates a test harness for every Web Service created. This is an extremely helpful tool for the Web Service creator (usually a COBOL programmer), as it allows for the testing of new Web Services before deployment.

back to top

SOLA Deployment Container

MRO
SOLA can run using standard CICS multiple region operation (MRO).  The http/MQ listener runs in a listening region, dispatching the host application programs in application owning regions.  SOLA handles the communication of data between the listening and application regions.  Although CICS has a limit of 32K that can be passed between the listener and application regions, SOLA can accept requests and deliver responses that exceed this limit.

Error Logging
SOLA provides full error logging. Error logging reports are available through a Web reporting tool and are also provided as a Web Service.

Monitoring
SOLA monitors every transaction that it handles.  Monitor reports are available through a Web reporting tool and are also provided as a Web Service.

Auditing
SOLA provides an optional auditing facility, which records both input and output SOAP messages for audited transactions.  The facility is extremely useful for problem diagnosis.  Auditing is controlled using WS-Policy.

Security
SOLA has the most powerful and most versatile security in the industry, using Symmetric and Asymmetric encryption (WS Security, & SAML 2.0 etc.) and by providing mapping between various identities to the mainframe security paradigm (for example, mapping from SAML 2.0, X509, AD/LDAP to mainframe RACF/ACF2/TOP-Secret).  Furthermore, the user’s authorization choices range from most basic available on the mainframe such as RACF to XACML PDP residing on or off of the mainframe.

Transport Mechanism
SOLA offers http/s and MQ as transports.

Outbound SOAP requests
SOLA provides the ability for the programmer to issue an outbound SOAP request to an external system. That SOAP request is transported by http, https (SSL) or MQ to the external system.  The requesting program can be running either in CICS or batch.

Configuration
SOLA takes advantage of the full scalability and fail-over features of parallel sysplex. SOLA introduces no affinities, allowing the workload manager to run transactions on any system in the sysplex.

back to top

Future Releases

Additional standards, such as WSDM and WS-Addressing are planned for future releases.

back to top

SOLA Governance

SOLA is the only mainframe SOA product to offer closed-loop Governance automation.  A service is automatically governed from the point of creation because it inherits a security policy.  Policy, by means of WS-PolicyAttachment, is associated with the service though all phases of the Software Development Lifecycle.  It is not possible to create or run an ungoverned service.

On top of this, SOLA’s built in monitoring, logging and auditing capabilities, as well as its standards based architecture combine to make SOLA fully governable by external governance products like SOA’s Workbench.

SAP TechEd 2008

WHY SHOULD YOU ATTEND?

Come to SAP TechEd 2008, and learn how to be a best-run business. You will gain the knowledge, skills, and professional network needed to take advantage of SOA, and learn how to use the power and flexibility of SAP NetWeaver to innovate and transform your business processes.

Connect, collaborate, and co-innovate with the best minds in the IT industry, and learn how to:

• Adopt service-oriented architecture and discover services in the enterprise services repository of the SAP NetWeaver platform
• Unlock additional value and business insight for your business users with the combination of SAP and Business Objects
• Build a new class of composite applications with the SAP NetWeaver Composition Environment
• Close the gap between business and IT with the business process management capabilities of SAP NetWeaver
• Draw from all the development and composite applications co-innovated by SAP ecosystem partners, developers, and customers
• Leverage end-to-end solution support and life-cycle management tools using SAP Solution Manager and SAP NetWeaver
• Take advantage of the integration and composition capabilities of SAP NetWeaver while upgrading to the latest releases of SAP ERP and the SAP Business Suite family of business applications

Don’t Miss Hundreds of Hands-On Workshops and In-Depth Lectures
SAP TechEd 2008 Las Vegas offers over 1,000 hours of instructor-led hands-on workshops and in-depth lectures in four jam-packed days.

• SAP lectures and hands-on workshops delivered by top SAP technical gurus and partners sharing their insider expertise and vision
• Customer-driven lectures and influence activities developed through our partnership with Americas’ SAP Users’ Group (ASUG)
• Community-driven lectures delivered by members of the SAP Developer Network (SDN) and Business Process Expert (BPX) communities

SAP TechEd Brings the Ecosystem to Life
Learn from and network with SAP technical experts, customers, partners, and peers through in-depth training and fun networking opportunities, including:

• Executive keynotes
• Demo Jam: a heavyweight developer competition that celebrates innovation by the SAP ecosystem
• Partner exhibit hall and SAP solution pods
• Community Clubhouse and networking events
• Pre-conference Community Day
• With this depth and breadth of content, you can expect a return on investment that no other educational event can offer.

  SAP TechEd enables you to leverage the tools you need to be flexible and agile in an ever-changing, competitive marketplace. Come to
  SAP TechEd, and get energized, engaged, and empowered!

  Visit us at Booth #83

  Event Web site
  Register for this event
  

  Webinar - SOA GOV CON - Keys to Business-Critical: SOA Governance

  Recorded July 17th, 2008, 12 Noon EST
  The Top SOA Governance vendors have agreed to answer the 5 Tough Questions:
  

  1. Does SOA Governance help me with both IT and business assets?
  2. How Can SOA Governance help me comply and define SLAs for business, policy?
  3. Compare SOA Lifecycle with Software Development Lifecycle. What’s the same? What’s different?
  4. How do I test updates to existing live SOA services?
  5. What are the Best Practices for designing & managing long-running transactions?

  Attend & Learn:
  

  • SOA Roadmaps for quick, demonstratable ROI
  • Design, Test, and Deploy SOA for powerful results
  • Streamlined Policy Enforcement
  • Time-Saving SOA Troubleshooting
  • The SOA 3 Month / 3 Year Rule
  • Managing Your SOA
  • Critical Rainy Day Strategies

  Learn more and register for this event
  

  Washington Mutual

  Web site

  SOA Software Update - June 2008

  Software Architect

  Deliver world-class top-notch architecture and design for the SOA infrastructure product modules.

  Job Specifications:
  

  • Deliver world-class top-notch quality architecture and design for the product.
  • Documenting the architecture and high-level design developed for product.
  • Participate in implementation aspects of core of the Service Manager modules being developed in India branch.
  • Mentor the remaining engineering team in India in delivering the quality work.
  • Explain the architecture and design and rational behind the architecture/design to the remaining engineering team so they can do quality implementation of the design.
  • Participate and perform the code reviews of the work done.
  • Work closely with US architecture and design team in understanding how the whole of the product works and architecture followed in whole of the product.

  Job Requirements:
  

  • Must have experience of architecting and designing either completely and parts of 2 to 3 large enterprise products.
  • Must have experience mentoring the technical team.
  • Must have extensive (6-9 years of) experience in the area of J2SE (JDBC, Java Threads), J2EE (JMS, JNDI) and XML (JAXP, DOM, SAX, XMLSchema, XPath, XSLT, SOAP, UDDI, WSDL) technologies.
  • Must have experience in architecting/designing products involving Oracle and SQL Server database.
  • Must be able to design the efficient database schemas. Must be able to write efficient database queries using JDBC.
  • Must have experience in the area of Java Security and XML security.
  • Must have experience of designing product with distributed components (especially, Web Services)
  • Must have developed/deployed some Web Services.
  • Must be savvy with respect to specifications in the area of Web Services and XML
  • Must have experience in using Configuration management tools, including version management software. Knowledge of SVN is a big plus.
  • Must have experience (2-3 projects) of documenting technical architecture and high-level design of the work performed. Must have experience in using modeling tools like Rational, etc…
  • Must possess excellent verbal and written communication skills.
  • Must have desire to excel, flexibility to work hard and skills and know-how to motivate the team to achieve excellence.

  Engineering Manager

  Be part of the Engineering division of an Indian subsidiary of a US-based successful company developing state-of the art products in the area of SOA infrastructure.

  Job Specifications:
  

  • Manage the Engineering division of SOA Software, India office.
  • Decision maker of the equipment to be procured for engineering needs with the help of members of the team.
  • Responsible for reviews of the members of engineering department.
  • Responsible for day-to-day management of engineering department with the help of Project Manager.
  • Responsible for processes to be followed in the engineering department.
  • Responsible for all deliveries from India office with respect to development and maintenance aspects of the product.
  • Work with QA management and product management to form a release management team.

  Job Requirements:
  

  • Must have experience in engineering management role of an enterprise product.
  • Must have technical understanding of the enterprise products architecture.
  • Must have the experience of various tools used in development of enterprise products with distributed architecture.
  • Must have experience in managing engineering teams of at least 15-20 in size.
  • Must have good documentation skills to document the processes to be followed in the engineering department.
  • Must be willing to and able to be hands-on when needed on the product development and maintenance.
  • Must have desire to excel, flexibility to work hard to achieve excellence.
  • Must have experience in working with distributed team structure.
  • Must possess excellent verbal and written communication skills.

  Project Manager

  Be part of the Engineering division of an Indian subsidiary of a US-based successful company developing state-of the art products in the area of SOA infrastructure.

  Job Specifications:
  

  • Responsible for management of various deliverables from India office.
  • Work with leads in development team to find the task list and to estimate for each task to prepare the project plan.
  • Track the status on regular basis.
  • Manage the risks for deliverables and take the mitigation steps necessary.
  • Responsible for achieving the deliveries within the acceptable quality and timelines with the help of development team members.
  • Report status on regular basis to Engineering Manager and to US team.

  Job Requirements:
  

  • Must have experience in project management of the software product development team.
  • Must have managed deliveries involving teams of size 15 to 20 people.
  • Must have technical understand of the J2EE enterprise products with distributed architecture.
  • Experience in XML, web services and SOA architecture is a big plus.
  • Experience in Indian subsidiary of US a company is a big plus.
  • Must have interacted with oversees clients (Clients in US is a big plus) for deliveries.
  • Must be an expert in Project management concepts. PMP certification is a plus.
  • Must be an expert in using Microsoft Project to track the project plans.
  • Must have the ability to manage concurrent small projects with overlapping resources.
  • Must have desire to excel, flexibility to work hard to achieve excellence.
  • Must have experience in working with distributed team structure.
  • Must possess excellent verbal and written communication skills.

  Consumer Contract Provisioning

  The idea of a consumer contract for SOA closely models the idea of a business contract.  It defines the terms of a relationship between a consumer, or group of consumers, and a service, or set of services.  These terms should include:
  

  • The policies the consumer(s) agree to comply with
  • The access rights the service(s) will provide the consumer(s)
  • The service levels the provider commits to delivering to the consumer(s)
  • Any mediation the provider(s) and consumer(s) agree to and require

  The SOA Governance solution has two important roles to play in the contract process:

  • Contract negotiation – the Governance solution should provide a workflow model allowing potential consumers to interact with service providers to request and negotiate access to, and specific service levels for, a service or set of services.
  • Contract enforcement – the Governance solution should enforce the contract at run-time.  It should seamlessly ensure that the provider meets agreed upon service levels, that any required mediations are delivered, that the consumer(s) are complying with required policies and that the access rights and times are enforced and complied with.

  SOA Software’s Policy Manager provides a flexible contract negotiation workflow process that allows a potential consumer to request access to a service and negotiate SLAs, policies, and access rights.

  Service Manager enforces contracts to ensure that consumers without a contract cannot access a service, and monitor, manage, and report on contract terms, including SLAs, for each consumer.

  For more information about SOA Software’s market-leading products, click here.
  

  Compliance Validation

  One of the important roles of a governance automation solution is determining an asset’s compliance with defined enterprise policies.  For example, an organization might require that a service have a design document, a description, be properly categorized, and have a defined business case before it can be promoted from the design stage to the development stage of the lifecycle.  The SOA lifecycle governance automation system provides an easy way to define and manage compliance policies and associate these policies with lifecycle stages, categories, and other taxonomy or folksonomy structures and types.

  SOA Software’s Policy Manager provides a powerful compliance policy definition, management, and validation framework.  It defines policies as sets of rules, with individual rules capable of processing a static service context in the repository, or dynamically captures message data from Service Manager.  Rules are written in XQuery, Java Script, or as Java Classes.  Policy Manager provides a set of policies out of the box, including WS-I Basic Profile validation, and publishes the policy language, context, and APIs to partners.  Our partners have created a library of “policy packs” for various compliance definition policy sets.

  For more information about SOA Software’s market-leading products, click here.
  

  Governance Automation

  Enterprise architecture approvals processes for application development typically involve periodic architecture review board meetings that review proposals and designs to make decisions about whether or not to fund particular projects.  In many cases these architecture review board meetings happen every 4 to 8 weeks, which is fine for large application development projects, but doesn’t scale to meet the needs of service development processes.  Imagine the development process for a service which can take as little as a few days or even hours, being held up for 4-8 weeks at each stage of its lifecycle, because it needed approval at an architecture review board before proceeding.  Similarly, imagine an architecture review board reviewing designs and business proposals for hundreds of services rather than the 2 or 3 applications they are used to managing.  Clearly the current processes are not agile enough, and do not scale well enough, but you can’t simply remove these processes. 

  This is where Integrated SOA Governance Automation (ISGA) solutions come in.  By implementing the existing governance processes through simple, role-based workflow solutions with integrated policy compliance validation checks, ISGA solutions allow companies to maintain their current levels of control without introducing roadblocks, or causing current processes to stall.

  SOA Software’s Repository Manager and Policy Manager products combine to provide a comprehensive Integrated SOA Governance Automation solution.  The solution provides:

  • Asset lifecycle management processes
  • Consumer contract provisioning processes
  • Approvals workflow processes
  • Continuous compliance and validation

  For more information about SOA Software’s market-leading products, click here.
  

  Service Lifecycle Management

  Services, like all other development assets and applications have their own lifecycle and as such need to be managed through their lifecycle state transitions.  A Service lifecycle generally models a typical SDLC with stages including design, development, test, QA, production, and deprecation.  Many organizations will add versioning into the process between production and deprecation, although in reality each new version of a service will have its own lifecycle.

  An SOA Governance product must be able to manage the lifecycle stage of a service and should provide a workflow-based process for migrating services between stages.  Often this process will closely mirror the original publication process described above.  It will include a set of policies that define criteria a service must meet before it can be migrated.  It will also in many cases include manual approval steps.

  The lifecycle stage of a service should be used to determine who can discover the service in the registry and who can access the service at run-time.  It should also define which policy set is used to determine the run-time capabilities and requirements for accessing the service.

  In the context of lifecycle management, the act of publishing a service to a registry so that it can be found by a broad audience of interested parties may seem like a simple enough task.  In fact, this is one of the most basic, and yet most important functions of an SOA Governance solution.

  The essence of governance can be easily captured in the phrase “encouraging desired behavior.” This simple concept provides a backdrop to help understand what a governance solution should be focusing on, and the capabilities it should provide.  Essentially it is not enough to merely provide a stick with which to beat developers and architects, we must also provide a carrot to encourage people to participate in governance processes.

  With this in mind, we need to think about what is the desired behavior for the participants in an SOA.  For many organizations, one of the most important aspects of SOA Governance is the process of ensuring that the services that are published are appropriate.  “Appropriate” in this context is another word a little like “desired.” It can mean many things, but the reality is that an “appropriate” service is a service that meets a set of criteria defined by the enterprise, often including the following:

  • Is not a duplicate of, or similar to an existing service
  • Meets design criteria for transport, operation type, schema, etc
  • Is at an appropriate level of business functionality granularity (e.g. a ‘top-down’ design rather than ‘bottoms-up’)
  • Is of broad interest and therefore likely to be reused
  • Complies with appropriate industry standards and recommendation (e.g. WS-I basic profile)

  Some of these criteria can be readily automated like WS-I basic profile compliance, others will likely require manual steps.  To this end, before a service can be published it should pass through a workflow process that will verify the automatable criteria before requiring a manual approval step.  A well designed SOA Governance solution will manage this workflow as a series of customizable, automatable defined process steps and will allow developers and approvers to see services at appropriate phases of this process.

  SOA Software’s Repository Manager and Policy Manager products combine to provide a comprehensive SOA Lifecycle Management solution.  They share a common state-machine, and common meta-model providing seamless SOA asset lifecycle management capabilities.

  For more information about SOA Software’s market-leading products, click here.
  

  Architecture and Compliance

  As enterprises move towards SOA, their enterprise architecture teams take on an increasingly important role.  Integrated SOA Governance Automation solutions provide architecture teams with the ability to ensure the efficient execution of their SOA programs.

  Service Lifecycle Management
  Governance Automation
  Compliance Validation
  Consumer Contract Provisioning

  For more information about SOA Software’s market-leading products, click here.
  

  Simple Service Consumption

  As the complexity of service interfaces grows to add security, reliability, and other capabilities needed for business quality services, so does the difficulty of consuming the services.  Studies of the cost of building services and consumers in Fortune 500 companies shows that it can cost up to $50k to add security, reliability and monitoring capabilities to a single service, and up to $40 to add the security and reliability capabilities required to consume the service to a consuming application.  As service reuse becomes more prevalent, the cost of building consumers can quickly become prohibitive. 

  This is why SOA Software provides its Delegate to ensure simple service consumption.  Using the Delegate, consumer developers can focus on implementing the business logic of their application leaving the complexity of complying with enterprise security policies, reliability models, versioning, transport, and other implementation details to the delegate.

  SOA Software’s Delegate is available in many forms, ranging from Java and C# SDKs, through plug-ins for common IDEs and handler sets for common containers.  It is part of the design tools for many business process management solutions, allowing the process designer to drag and drop an “SOA service” into their process fully abstracting the process engine from the physical service implementation.

  The Delegate abstracts the developer from the complexities of business quality service consumption including:
  

  • Authentication – full support for Basic Auth, SAML, X.509, Kerberos, XML-Signature, HTTPS, and all other common tokens
  • Privacy – full support for XML-Encryption in both raw XML and WS-Security forms supporting both encryption and decryption
  • Non-repudiation – full support for raw XML and WS-Security compliance XML-Signature and signature verification
  • PKI – provides public and private key pair management, CRL checking, certificate management
  • Transport – supports http, https, and JMS bindings
  • Reliability model – supports WS-Reliability and WS-ReliableMessaging standards as well as native message queuing reliability models
  • Endpoint location – provides dynamic binding to service endpoint location, policy, standards, and reliability model

  For more information about SOA Software’s market-leading products, click here.
  

  Application and Transaction Management

  SOA is used to build real-world business applications, delivering real business value and solving real business problems.  Faults and performance problems in a Web service might not appear to be a huge problem, but they may lead to a failure to respond to a customer, a misplaced order, or a failure to invoice or collect on a service or product that has been delivered.

  The distributed nature of service-oriented applications makes it difficult to identify and diagnose problems.  For example, an unacceptable delay when a customer clicks a button on a commerce site might be caused by a connection timeout in an unrelated database that provides a logging function to a Web service that is indirectly invoked by another application called by the portal.

  Application support and operations teams must be alerted to these issues and must be able to identify their root cause, debug, and fix them in near real-time.  These teams are often measured against Mean-Time-To-Repair, so seeing problems before they occur, and quickly finding the cause is a critical goal.

  SOA Software provides an industry leading Operational Governance solution for monitoring, transaction tracking, SLA management, Quality of Service, Event management, and root case analysis.

  Monitoring – Last mile, first-mile and network monitoring of messages to collect real-time performance, usage, fault and message data for any service deployed on any platform.  SOA Software’s Service Manager monitors services from the perspective of the consumer to ensure that consumer specific SLA’s and usage criteria are not polluted by traffic from other consumers.
  Transaction tracking – Using standards like WS-Addressing, Service Manager can track the path of a transaction across multiple messages between different consumers, services, applications, and platforms.  This allows customers to identify root cause for individual transactions as well as to build a map of a whole application and all the consumers and services it is made up of.
  Service Level Agreement Management – Service Manager provides comprehensive SLA capabilities with the ability to manage and monitor SLAs for consumer contracts.  This unique ability ensures accurate monitoring of services from the perspective of their different consumers – one application might make more complex and larger requests that take an average of 200ms to process, where the average response time for the whole service is only 50ms.  In this case, it is essential that the application is monitored from the perspective of the consumer, in order to provide an accurate assessment of service level.
  Dynamic Management – Service Manager implements a comprehensive dynamic management model that can automatically adjust the infrastructure to address exceptions and service-level issues.  Using the monitoring and SLA management capabilities described above, Service Manager can identify potential problems and can reroute traffic, throttle low-priority requests, or even deploy new service instances to ensure continuous operation of service-oriented applications.

  SOA Software’s products are used by Fortune 500 companies to ensure continuous operation of their service-oriented applications providing a state of the art application and transaction management solution.

  SOA Software’s Service Manager provides a platform-independent, policy-driven SOA monitoring and management solution to ensure the performance and reliability of services throughout an SOA.  It provides SLA management, real-time and historic reporting, alert and event management, transaction tracking, and dynamic management capabilities.

  For more information about SOA Software’s market-leading products, click here.
  

  Change Impact Mitigation

  A core benefit of service-orientation is the ability to reuse existing assets across multiple applications as service consumers.  This reduces the time to develop new applications, increasing agility and reducing cost, but it also increases the potential for change to one application (service provider) to cause many other applications (service consumers) to fail.  Development governance change management and consumer contract provisioning solutions will help address this challenge, but in many cases changes will be required so the enterprise must ensure that services consumers are effectively abstracted and protected from these changes.

  Virtualization – Service virtualization provides companies with the ability to create virtual services that offer a stable interface (location, transport, standards, policies, messages) even when the physical service changes.  Virtualization offers high-availability and load-balancing, performance and SLA monitoring and management, routing, versioning, and mediation capabilities to mitigate the impact of change at the provider on service consumers.
  Versioning – Services go through a development lifecycle just like any application, in fact services are often published by an application that has its own lifecycle.  As a natural part of this lifecycle applications and services will be versioned, and will often go through significant changes as part of this process.  If the only consumers of a service are part of the same application, and as such are versioned at the same time as the service itself, then there is no challenge, however this is not the case with services that are published for general reuse.  If a service is used by multiple consumers there a several models available to protect the consumers from changes to the service as part of a versioning process.  One model is simply to track all the service consumers through a consumer contract provisioning process and inform them of any upcoming changes.  Another model is use a virtualization solution to maintain a virtual service that models the old interface using transformation as necessary to communicate with the new interface.  The best practice is to combine these two approaches using the contract model to inform consumers of change and encourage them to adopt new interfaces, while using virtualization to mitigate the impact of changes.
  Mediation – As the complexity of service interfaces grow to provide enhanced security and reliability capabilities, the set of consumers capable of consuming the services shrinks.  Mediation solutions provide tolerance to ensure that the widest possible set of consumers can consume a service by making sure that the service is tolerant of different message types, policies, transport, and many other variables.

  SOA Software’s products are used by Fortune 500 companies to ensure continuous operation of their service-oriented applications leveraging powerful change impact mitigation capabilities.

  SOA Software’s Service Manager provides a platform-independent, policy-driven SOA virtualization and mediation solution to ensure that services can be confidently consumed by applications on any platform without risk of change causing outages. 

  SOA Software’s Policy Manager provides comprehensive consumer contract provisioning capabilities to track service consumers and notify them of versioning events.

  One of Service Manager’s core strengths is its mediation capabilities.  It offers a range of mediations including:
  

  • Multi-pattern mediation (agent, delegate, proxy, relay, gateway, router, switch, pipe & filter, Policy Enforcement Point)
  • Messaging mediation (programming model and synchronicity) - useful when consumers and providers use differing call models. Three types of MEP mediation are configurable; Sync-Async mediation (synchronous consumer wants to access asynchronous WS providers); Async-Sync mediation (asynchronous consumer wants to access synchronous WS providers); Aynch-Async mediation (asynchronous consumer wants to access asynchronous WS providers)
  • Reliability mediation – useful when unreliable consumers need to consume reliable services, or when reliable consumers need to consume unreliable services.
  • Standards mediation - useful when the consumers use and the providers expect differing WS standards. We handle this mismatch through design time configuration. Several types of syntactic standards mediation are supported: WS-Security, WS-Addressing, WS-Routing, and WS-Reliable Messaging.
  • Transport mediation - useful when consumers and providers use differing transport protocols. Common examples of this are SOAP/HTTP consumers who want to call non-soap message driven apps such as POX/JMS
  • Asynchronous delivery – required for synchronicity mediation
  • Guaranteed delivery – required for reliability mediation

  Service Manager can mediate between a wide range of standards, message styles (SOAP, POX, etc), message exchange patterns (REST, SOAP, MOM, etc), transports (http, https, JMS), reliablity models (WS-RM, WS-RX, MOM, etc), security tokens (SAML, Kerberos, X.509, session cookies, etc).  Mediation is enabled declaratively through the standalone intermediary based on impedances between inbound messages and the requirements, capabilities, and policies of the destination service.

  For more information about SOA Software’s market-leading products, click here.
  

  B2B Service Provisioning

  One of the main drivers behind SOA has always been the vision of using Web services to facilitate communication between businesses, and even drive new business models.  This is a valuable use for SOA and Web services, and it does present some interesting challenges.

  Security – In the early days of Web services, the ability to communicate machine to machine over port 80 to avoid firewall configuration issues was a much touted advantage.  The reality, of course, is that sending XML traffic over port 80 introduces a potentially significant security risk.  The standards community has created numerous specifications to offset this risk, but with it has added considerable complexity that can take away much of the advantage offered by Web services.  The real challenge is to find a way to ensure the security of services leveraging standards like WS-Security and SAML, without making services so difficult to consume that partners and customers choose to go elsewhere.  Another obvious risk is that for services to consumable outside the enterprise firewall, they must be accessible through the DMZ.  In most cases customers will not, and should not, deploy their application containers into the DMZ, so they need to find a virtualization model that allows them to deploy services in the DMZ that proxy their application services.

  Consumer Contract Management – One way to address the challenge of providing easy access to secure services is through a consumer contract provisioning model.  Consumer contract provisioning is the process of requesting or offering access to a service through a negotiated contract.  For more information on consumer contract provisioning please see contracts.

  Identity Federation – In order to grant individuals at partner companies rights to services and business processes within your enterprise, you need to know that these people are authorized by your partner to act on their behalf.  One model is for you to maintain a directory of your partner’s employees, and ask you ensure that this directory is up-to-date, although this model is bound to fail.  Identity Federation offers a better solution.  Through Identity Federation users within partner and customer organizations can authenticate themselves against a server in their own organization and present you with a token validated by their company.  In this way you simply need to trust their company, and not the individual in question.

  SOA Software’s products are used by Fortune 100 companies to provide comprehensive B2B SOA provisioning capabilities driving new business models and revenue for these companies.

  SOA Software’s Service Manager provides a platform-independent, policy-driven SOA security and virtualization solution to ensure that internally published services can be confidently exposed to partners through the DMZ.  SOA Software’s products implement all of the latest standards including comprehensive support for WS-Security, XML-Signature, XML-Encryption, SAML, XACML, and many others.  For a list of supported standards please click here.

  SOA Software’s Policy Manager provides comprehensive consumer contract request, offer, and negotiation processes to facilitate partners requesting access to services, and the enterprise offering partners access to services.

  For more information about SOA Software’s market-leading products, click here.
  

  Security

  The evolution towards service-oriented architecture as the main application development and integration model for large enterprises promises great rewards in agility and cost saving, but along with these rewards come increased security risks in several areas:

  Message Security – Standards-based service interactions are one of the main benefit drivers in SOA.  They also introduce increased risk, because a well architected system will have no room for “security by obscurity”.  The standards community has made great strides in producing specifications to ensure sender and provider authenticity and authorization, and message privacy and non-repudiation.  It is now up to service platform providers and service and consumer developers to take advantage of these standards to ensure the security of their applications and data.

  Interface Security – One of the goals of SOA is to create reusable business services.  These services are often created by take data or business logic from existing applications and exposing it as a service.  This means taking data or logic that was buried within an application and making it accessible, and in this process exposing it to potential threats.

  Security Infrastructure – The move towards enterprise SOA involves the deployment of new infrastructure solutions including registry/repository, policy management, and service management, amongst others.  Each of these solutions must comply with existing enterprise security policies, or the solutions designed to ensure the security of enterprise applications can themselves become potential attack points.

  SOA Software’s Service Manager provides a platform-independent, policy-driven SOA security solution to ensure that all service providers enforce uniform, appropriate policies, that are implemented by all service consumers across all distributed and mainframe platforms throughout the enterprise.  It provides fully featured agents to ensure last-mile security, a standalone intermediary for network-based policy enforcement and virtualization, and a client-side delegate for first-mile policy implementation.

  Authentication – Service Manager provides comprehensive message, consumer and end user authentication with support for all common token types including Basic Auth, SAML, X.509, Kerberos, XML-Signature, and HTTPS.  It provides a security token server for Identity Federation and token exchange, offering a SAML authority as part of this capability.

  Authorization – Service Manager offers powerful service authorization capabilities support XACML as well as native integrations with most common enterprise security policy management solutions.

  Privacy – Service Manager has full support for XML-Encryption in both raw XML and WS-Security forms supporting both encryption and decryption to ensure the privacy of messages.

  Non-repudiation – Service Manager offers full support for raw XML and WS-Security compliance XML-Signature and signature verification to ensure message authenticity and non-repudiation.

  PKI – Policy Manager provides comprehensive public and private key pair management, CRL checking, and certificate management.

  SOA Software’s products implement all of the latest standards including comprehensive support for WS-Security, XML-Signature, XML-Encryption, SAML, XACML, and many others.  For a list of supported standards please click here.
  Service Manager integrates seamlessly with most common enterprise security solutions to maximize investment in existing systems and ensure consistent application of existing enterprise security policies.  It supports:
  

  • Identity and Access Management Systems – Service Manager integrates with most common IDM solutions to federate their authentication and authorization policies and processes throughout an SOA.
  • Enterprise Directories – Service Manager integrates with common enterprise directories including Microsoft Active Directory and other LDAPv3 compliant solutions.  It acts as a security token and policy server, delegating authentication decisions to the directories and using existing group memberships to drive role-based authorization decisions.
  • Security Appliances – Service Manager can provide policies for services security by common appliances (such as IBM DataPower) and monitor service usage and performance for these services.
  • PKI – Service Manager provides its own built-in PKI solution with a fully featured Certificate Authority.  It also integrates with existing PKI solutions providing key distribution and verification.

  For more information about SOA Software’s market-leading products, click here.
  

  Operations

  SOA presents a unique set of challenges to operations and security teams.  We provide some examples of the challenges and solutions for many Fortune 500 corporations as they move towards SOA.

  Security
  B2B Service Provisioning
  Application and Transaction Management
  Change impact mitigation
  Simple service consumption

  For more information about SOA Software’s market-leading products, click here.
  

  Extensible Asset Management

  The breadth and scope of an enterprise SOA initiative can be quite daunting to a typical IT organization. New technical standards (and tools to support development against those standards), increased need for integration and regression testing to ensure stability and cross-version compatibility of deployed services, strong emphasis on proper separation of concerns (e.g., separating functional aspects from presentation aspects during analysis to eliminate blurred implementations, avoiding reimplementation of fragile existing application functionality and algorithms in decoupled services that are meant to support multiple application/composition needs), and simply the introduction of a new way of architecting and developing enterprise software forces organizations to take a much broader look at the SDAs they need to govern and disseminate.

  Support for Knowledge and Executable Assets – Once an SOA initiative expands beyond the pilot stage, IT organizations need to quickly and effectively disseminate the core architectural and development principles and guidelines to the broader IT community. These knowledge assets – patterns, best practices, reference implementations – must be treated as peers alongside the executable assets – services, components, schemas – that make up an organization’s SOA. Repository Manager comes preloaded with Sun’s Core J2EE Patterns and Microsoft’s Enterprise Solution Patterns, and organizations can easily augment these knowledge assets with their own SOA guidance. This knowledge framework is delivered to the developer’s fingertips via Repository Manager’s deep IDE integration, thereby greatly increasing the likelihood of developer success as the enterprise’s SOA initiative expands in size and scope.

  Incremental content enforcement based on SDLC governance stage – As a service or other SDA progresses through its SDLC, the number and scope of work products naturally increase. At its initial definition phase, a service may be little more than descriptive documentation specifying the required functionality at a high level. Use cases, design models, test plans, test results, defect lists, usage guides and many other work products accumulate as this service progresses towards staging and production deployment. Repository Manager enforces the presence of designated content at each defined governance stage, and validates that content against compliance policies through its integration with Policy Manager.

  For more information about SOA Software’s market-leading products, click here.
  

  Change Management

  Within a loosely-coupled architecture such as SOA, change management takes on a two-dimensional perspective: both changes as a specific version of a service or other SDA progresses through its SDLC and changes across versions of a service must be effectively managed and governed.  Most enterprise IT organizations are well versed in version-specific change and release management, but have considerably less experience in dealing with cross-version compatibility, deprecation, and staging issues that arise within an SOA initiative. The loosely-coupled nature of SOA demands additional stringency within the SDLC process as well; services must not only be correct (i.e., they function as expected) but also complete (i.e., they are discoverable, understandable, and stable from the consumption perspective).

  Smart Controls™ governance automation – To be effective, SOA governance processes must incorporate as much automated compliance validation as possible while preserving ultimate decision-making authority for key role-based stakeholders in the IT organization. Governance processes must also vary by asset type (components require different validations than services, for instance), and different groups within the organization may require different levels of governance stringency. Smart Controls supports these variables through its patented event-driven governance engine. Governance processes are configured through an Eclipse-based graphical designer supporting swim-lane style process flow definitions with drag-and-drop task specifications, making it easy to specify and understand complex and demanding enterprise governance needs.

  AnySource™ Federation – Click here for details on Repository Manager’s AnySource federation toolkit.

  Compliance policy validation via Policy Manager™ – Development compliance policy enforcement can be an onerous task for architects and other governance stakeholders in the IT organization. Validating service interface compliance against WS-I Basic Profile, ensuring that source code conforms to style guidelines for readability and maintainability, and many other necessary policies can become overwhelming if manual validation is the only option available. Policy Manager’s flexible policy validation engine, supporting XPath, XQuery, Java, and script-based policy definitions, coupled with Repository Manager’s ability to automatically invoke Policy Manager at defined development governance checkpoints, automates this painful task, ensuring consistency and completeness for all SDAs flowing through the development governance process.

  For more information about SOA Software’s market-leading products, click here.
  

  Impact Analysis

  As an organization’s SOA matures, increasing numbers of services along with applications and other SOA compositions dependent upon those services are deployed into mission-critical operational environments. Understanding end-to-end dependencies – application to service, service to schema, service to component, component to mainframe adapter to name a few – becomes crucial to ensuring stability of an organization’s SOA-based deployments.

  Asset Relationship Visualization™ – As SOA-based applications and other compositions proliferate throughout the enterprise over the course of a successful SOA initiative, it becomes increasingly difficult to understand the impact of a change to any one part of the SOA deployment. Asset Relationship Visualization gives architects and other key SOA stakeholders a dynamically-generated visual view into such dependencies. Through its drag-and-drop Eclipse-based user interface, this Repository Manager option dynamically generates a dependency graph for any SDA based on asset and relationship type filtering rules configurable by the end user.

  Strongly Typed Asset-to-Asset Relationships – Semantic understanding of dependencies in turn depends upon a clear understanding of the effect of those dependencies. Repository Manager’s patented dynamic SDA template infrastructure allows IT organizations to precisely define relationship types of interest and to establish validation rules that restrict establishment of such relationships to only assets meeting the semantic requirements specified by those types. For example, an “imports” relationship from a service may be restricted to schemas only, while a “consumes” relationship may allow components, mainframe adapters, and read-only data views to be bound to that same service.

  For more information about SOA Software’s market-leading products, click here.
  

  Metadata Federation

  For enterprises to fully understand and effectively govern their SOA environment, they must have a complete and coherent view of the services and other SDAs touched by their SOA initiative as well as the policies and processes that guide consistent development of SOA elements. This end-to-end view must incorporate and coordinate relevant content not only from service development and deployment activities but also from service planning efforts (e.g., proposed services and their traceability to existing system capabilities) and from existing service capabilities (perhaps sourced from packaged applications and third parties).

  Organizations also need to deal with the added complexities introduced through extensive offshoring/outsourcing relationships. While these relationships clearly provide value to the enterprise in terms of both cost and flexibility, if not managed properly they can lead to provider lock-in at best and development disasters at worst. Maintaining visibility and scope of control over arms-length development activities is key to deriving the most value from those relationships.

  End-to-end integrated service metamodel and governance process model – Repository Manager, Policy Manager and Service Manager provide a complete solution for development and operational governance automation. By defining a common service metamodel and governance process model across these products, SOA Software gives IT organizations a significant jump start towards cross-organizational fidelity and consistency, reducing the likelihood of manual error and eliminating redundant information management within the enterprise.

  AnySource™ federation – Connectivity to SCM platforms and other development tools is crucial for IT organizations to accurately represent and govern their development efforts. These development systems of record are typically managed in a siloed manner with little to no communication and coordination across products. Repository Manager’s AnySource federation toolkit allows IT organizations to define and automate extraction rules that span these products, producing complete and coherent SDAs based on SDLC triggering events (e.g., source code promotion, establishment of a version baseline). Based on the well-known open source ANT framework, AnySource presents a well-understood task model for asset automation.

  Service registry federations – As services enter into staging and production environments, service definitions and supporting metadata must be provisioned into the runtime registries supporting those environments. Repository Manager supports automated provisioning of such information to leading service registries such as IBM WSRR, HP SOA Systinet, TIBCO Active Matrix Registry, and any UDDI-compliant registry.  These same registries can serve as sources to bring previously ungoverned services (e.g., services deployed as part of a packaged application) under development governance via Repository Manager’s Import Center.

  Federated Repository Manager installations – Highly distributed development organizations may need localized repository installations to better manage content access and latency issues. Other organizations may need to establish filtered access to selective SDA information to their outsourcing partners while at the same time maintaining consistent governance processes over the SDAs developed by those partners. Repository Manager’s sophisticated federation model enables IT organizations to establish essentially any federation topology (e.g., tree, star, unidirectional point-to-point) across any combination of physically and logically separated library installations. Filtering rules can be established over each connection within the federation, thereby ensuring that only appropriate information is passed across the connection.

  For more information about SOA Software’s market-leading products, click here.
  

  Service and Asset Discovery

  The iceberg metaphor is apt when considering services within an enterprise: very few service implementations are greenfield, with the vast majority built upon one or more existing (typically strategic) capabilities already present in the enterprise or provisioned by business partners. The service interface, while important, is the small percentage of the total service that sits above the water line; mainframe and distributed applications, data views, EDI feeds, and many more software assets sit below the water line to make up the service implementation. Discovering and understanding these widely varied software development assets (SDAs) is crucial to an organization’s effective SOA development governance efforts.

  Graphical Reference Models – Repository Manager’s patented graphical reference models allow organizations not only to visually represent important domain perspectives (e.g., business domain, technical domain) within their repository installation but to automatically map their SDAs to domain elements as part of the production governance process. Once mapped, these SDAs can be discovered by potential consumers via visual navigation, providing an intuitive and easy-to-use way to search for services and other content.

  Deep IDE Integration – Visual Studio and Eclipse-based (both native and commercial variants) integrations give developers a natural and seamless interface into Repository Manager. Multi-view perspectives, drag-and-drop and other advanced interaction behaviors, and user-friendly dialogs and wizards simplify the process by which developers find the services they need.

  Search Alerts – Sometimes what you need isn’t ready exactly when you need it. Repository Manager gives developers and other SDA consumers a way to “set and forget” searches. When the desired asset becomes available, consumers are notified of the fact via email or RSS feed. Many IT organizations use this approach to automatically disseminate architectural guidance to the broader team, ensuring everyone stays up-to-date with the latest SOA development approaches.

  Consumer contract provisioning – As developers discover a suitable service for use in their application or other consuming composition, they need to specify the expected usage characteristics (i.e., the proposed service level agreement) for that service. Repository Manager directly exposes the valid service level policies defined within Policy Manager to developers for selection, and upon consumption governance approval automatically provisions a draft consumption contract to Policy Manager for downstream operational governance application. This end-to-end provisioning model ensures a consistent view across both development and production perspectives, greatly reducing the likelihood of operational errors when deploying SOA-based applications.

  For more information about SOA Software’s market-leading products, click here.
  

  Development

  The main responsibility of SOA Development Governance is to ensure that services are built correctly according to enterprise policies and industry standards.  The adoption of SOA has changed the development lifecycle and introduced some new concerns that we highlight here:

  Service and Asset Discovery
  Metadata Federation
  Impact Analysis
  Change Management
  Extensible Asset Management

  For more information about SOA Software’s market-leading products, click here.
  

  SOA Software Announces SOA Governance for Microsoft .NET Framework

  Los Angeles, Calif., June 10th, 2008—SOA Software, a leading Integrated SOA Governance Automation vendor, today announced that it has certified Windows Communication Foundation (WCF) within the Microsoft .NET Framework as a Governed Service Platform. This allows customers to confidently use the .NET Framework, which includes WCF, as part of a heterogeneous enterprise SOA environment sharing services with other commercial SOA platforms like SAP NetWeaver, IBM WebSphere, BEA, and Oracle, as well as RedHat and other open source providers.

  Certified Governed Service Platform status means that customers can be confident that their platforms will not compromise the fidelity of the governance systems and structures defined in an enterprise SOA program.  The certification process ensures that Governed Service Platforms can implement and enforce governance policies providing reporting data to enable a closed-loop audit process.

  Microsoft customers add SOA Software’s Integrated SOA Governance Automation solution to the .NET Framework:
  

  • Ensure that services they identify, design and build using Windows Communication Foundation are relevant to and consumable by applications they design, build and deploy using other platforms like SAP and IBM.
  • Make services they expose from applications running on .NET based applications and WCF visible to and compliant with enterprise policies defined, enforced and audited across other platforms; and make services they design and build using other platforms like SAP and open source environments visible to and compliant with enterprise policies defined, enforced and audited across their .NET Framework applications.
  • Promote, ensure and formalize consistent alignment between demand from service consumers and the supply of services through Consumer Contract Provisioning.

  SOA Software’s platform-independent Integrated SOA Governance Automation solution promotes the use of best-practices throughout an enterprise SOA program regardless of where services and consumers are designed, built, deployed and operated. SOA Software’s Solutions integrate with the Microsoft SOA and business process solutions including: .NET Framework, Microsoft BizTalk Server, Visual Studio and Team Foundation Server.

  “The certification of Governed Service Platforms advances the discipline of Integrated SOA Governance Automation,” said Frank Martinez, executive vice president of SOA Software.  “Microsoft customers are quickly using WCF to build enterprise SOA applications, this certification gives them the confidence that the enterprise adoption of WCF with SOA Software’s products will preserve the fidelity of the governance models, structures and mechanisms supporting their enterprise SOA program.”

  “SOA Software’s certification compliments Microsoft’s continued commitment to delivering a governed enterprise SOA platform for our customers,” said Burley Kawasaki, director of product management for Microsoft Corporation.  “By working closely with SOA Software as part of our Business Process Alliance, customers can confidently deploy BizTalk Server, the .NET Framework, and other Microsoft SOA platform components as part of a comprehensive integrated SOA governance solution.”

  SOA Software and Microsoft
  Microsoft customers use SOA Software for seamless, heterogeneous SOA Governance, Security and Management functionality with their Microsoft applications to ensure interoperability across disparate partners and platforms.

  SOA Software’s products deliver mission-critical SOA governance capabilities to Microsoft .NET Framework and BizTalk Server customers.  They provide: Closed-loop Governance, Uniform Policy Management, Heterogeneous Governance Automation, Dynamic Policy Enforcement and Implementation, and Trust Mediation and Bridging.

  About SOA Software
  The world’s largest companies including Merrill Lynch, Verizon, and Pfizer use SOA Software to quickly and confidently realize the value of SOA.  SOA Software’s platform-independent Integrated SOA Governance and Mainframe SOA products process over 500 million mission critical transactions per month, ensuring the relevance, security, reliability, and performance of services and applications. For more information, please visit http://www.soa.com.

  SOA Software, Workbench, Repository Manager, Service Manager, and SOLA are trademarks of SOA Software, Inc. All other product and company names herein may be trademarks and/or registered trademarks of their registered owners.
  

  SOA Software Adds Support for Microsoft Visual Studio 2008 Team Foundation Server

  Los Angeles, Calif., June 10th, 2008—SOA Software, a leading Integrated SOA Governance Automation vendor, today announced that with Repository Manager 6.0 and its compatibility with Visual Studio 2008 Team Foundation Server version control, users can now seamlessly access artifacts stored in Team Foundation Server through the Repository Manager add-in for Visual Studio.  Repository Manager’s compatibility with Team Foundation Server version control enhances collaboration among users of Visual Studio 2008, resulting in high productivity and exceptional quality control of important software development assets and services. 
  
  Through this Visual Studio 2008 Team Foundation Server enhancement, Repository Manager users have the flexibility to specify artifacts (both project/solution-based and individual files) by label or by version for inclusion within Repository Manager-governed software assets. This both improves the visibility and management of these resources through the Repository Manager, and allows application developers to easily import those artifacts by reference into consuming Visual Studio projects/solutions.  Repository Manager 6.0 makes it easier than ever for .NET developers and architects to collaborate, enabling them to create and manage world-class business applications while adhering to an integrated and closed-loop SOA Governance process.

  “SOA Software shares Microsoft’s belief that team collaboration and ease of use are prerequisites for application development success,” said Brent Carlson, Sr. Vice President, Technology of SOA Software. “The new Repository Manager for Team Foundation Server facilitates team coordination and significantly helps developers and architects with cross-platform development projects—without ever leaving the Visual Studio 2008 Team System environment. This is the latest example of SOA Software’s longstanding commitment to provide Microsoft developers and architects with convenient yet powerful tools to produce world-class software applications.”
  
  Repository Manager is a Development Governance solution that simplifies the creation, integration, management and promotion of enterprise assets and services throughout the complete development lifecycle. Its strong integration with leading application development environments and federation with all major run-time repositories enables customers to rapidly deploy multiple assets types and services within the SOA service lifecycle.

  About SOA Software
  The world’s largest companies including Merrill Lynch, Verizon, and Pfizer use SOA Software to quickly and confidently realize the value of SOA.  SOA Software’s platform-independent Integrated SOA Governance and Mainframe SOA products process over 500 million mission critical transactions per month, ensuring the relevance, security, reliability, and performance of services and applications. For more information, please visit href="http://www.soa.com">http://www.soa.com.

  SOA Software, Workbench, Repository Manager, Service Manager, and SOLA are trademarks of SOA Software, Inc. All other product and company names herein may be trademarks and/or registered trademarks of their registered owners.

  speakTECH

  www.speaktech.com

  ilitia

  ilitia technologies SRL is a private Spanish company (SME) based on Madrid, Spain. Our activity is focused on software development and information technology consulting services.

  Our professional expertise ranges all the major stages in the software life cycle, including product and service inception, business requirements elicitation, software requirements management, technical prototyping and software design, software project planning, software implementation mainly on Microsoft and Java technologies, the full testing cycle along the different project phases and the final deployment or installation of software products or services.

  In the field of information technology consulting, we provide professional advice on different software development technologies and enterprise servers, including corporate infrastructure, messaging and collaboration services, security, knowledge management, project management and others.

  www.ilitia.com

  Deloitte

  www.deloitte.com

  one1

  www.one1.co.il

  STS

  Established in 1989, STS is the complete end-to-end partner and systems integrator for enterprise and medium-sized organizations in Jordan and the MENA region. STS delivers comprehensive IT solutions to the government, banking, education and telecommunication sectors. These solutions include hardware and infrastructure, networking, software, portals, electronic fund transfer, e-banking, enterprise messaging, e-payment, e-government, e-security solutions and professional training services, among others.
  www.sts.com.jo

  iTKO

  www.itko.com

  SOA Software and iTKO LISA Announce Combined SOA Governance and Validation Solution

  Los Angeles, Calif., June 9th, 2008—SOA Software and iTKO announce a combined solution for continuous management and quality assurance across the entire design, development and change lifecycle of SOA (Service-Oriented Architecture) applications. The integrated offering includes iTKO’s LISA Testing, Validation & Virtualization suite, and SOA Software’s Policy Manager and Service Manager solutions.

  Joint customers of the solution will benefit from:
  

  1. A high level of continuous quality assurance for risk mitigation within SOA Governance processes with less manual effort and cost;
  2. Better compliance and control of defined Service Policies, with automated enforcement throughout the SOA design, development and change lifecycles to ensure business requirements are being met;
  3. Increased collaboration and efficiency among all SOA stakeholders, so consumers and providers of services can complete their development, testing, integration and deployment activities in parallel, through the virtualization of service endpoints as well as simulating the behaviors of underlying systems.

  “In short, SOA governance is about ensuring and validating that assets and artifacts within the architecture are operating as expected and maintaining a certain level of quality.” said Frank Kenney, Gartner.  “The integration and monitoring of the three discrete SOA governance technologies (policy management, registry and testing) are essential to successful governance.”
  The two companies have focused their solutions exclusively on the need for secure, reliable, and relevant SOA and distributed enterprise integration architectures since their inception. The combined