Yesterday we had another of our AMIS Query sessions – for technical specialists from AMIS, our business relations and even our competitors in the Dutch marketplace. Some 30 people assembled in our Class-Room for three hours of presentation, discussion and demonstration followed by dinner and three more hours of workshop. This format has proved quite successful: our sessions typically are lively, open, to the point and enjoyable (though I am not entirely unbiased of course).
This particular session focused on Oracle WebServices Manager, the brand new Oracle Enterprise Service Bus, the Oracle SOA Suite and SOA and BPEL in general. The presentations and demonstrations were done by Sandor Nieuwenhuijs and Manh-Kiet Yap, both from Oracle EMEA Product Management for Fusion Middleware. Sandor specifically told us not to discuss JBoss and the possible take over by Oracle – he himself mentioned JBoss at least six times during his talk…
The conclusions from this session include the fact that Oracle has a very complete offering for a SOA infrastructure, not only to publish and connect services but also to manage and secure those services. While some of the functionality has only very recently been acquired – Oracle made a lot of acquisitions, like Collaxa, Oblix, Thor and OctetString, in the area of WebService management or perhaps better said SOA management – since most of it is standards-based the back-end integration is probably feasible in a short timeframe. The demonstration of how to authenticate WebService calls based on an LDAP directory was impressive.
While there is not a formal, concrete ESB available today, Sandor convinced most of us that Oracle already has most of the key ESB components, and the broadest set of them, which only need a little common infrastructure – the MOM, the Rules Engine, the BPEL Container, many Connectors and Adapters, a Service Registry, the Management facilities and the BAM tools do in fact exist. One could say that even while the ESB is not yet bundled in a box, Oracle has much more to offer for building and managing a SOA infrastructure than many of the vendors claiming to offer an Enterprise Service Bus. Note that the hot-pluggability of the SOA Suite allows users to plug in components from other vendors, like Tibco or MQSeries instead of Oracle AQ, or Active Directory or OpenLDAP instead of Oracle Internet Directory, etc. Additionally, while Oracle would prefer us to deploy the SOA Suite on its own Application Server, we can also deploy on WebSphere, WebLogic and JBoss. Whether from a license cost perspective those – the first two – are attractive options remains to be seen.
The Oracle Enterprise Service Bus will enter a semi-public beta-program very shortly (originally scheduled for February, this will commence in March or April). Sandor promised the production release ‘at least in 2006’ – which suggested it would not be early in the year; I would guess October/November timeframe.
Oracle SOA Suite and Enterprise Service Bus
Sandor opened the session with an overview of what Fusion is. He discussed Fusion Applications – the new ERP/CRM suite that arises from the stew composed of Oracle E-Business Suite, PeopleSoft, JDEdwards, Siebel and to some extent Retek and other smaller acquisitions. The first Fusion Application deliverables are planned for 2008. While it is far too early to discuss the Fusion Apps, it is already very clear that they will be built on top of the Fusion Middleware stack according to a SOA architecture. In order to combine and reuse many different components from the Apps brew as well as create a maintainable Business Suite with the breadth of functionality currently offered by Oracle Apps, PeopleSoft and Siebel, a highly decoupled, service oriented, standards based infrastructure is essential. Fusion Middleware will provide that infrastructure to Oracle Apps – as well as to the 40.000 or so organizations running Oracle Application Server. Fusion Middleware could be seen as Oracle 11f Application Server – the f is Sandor’s guess for the next tag character following the i and g – even though it is in fact much more than what most vendors would dub their Application Server.
A somewhat controversial statement by Sandor: BPEL is the core of SOA technology. Where some ESB vendors – that is: vendors claiming to provide an ESB – suggest that the MOM (message oriented middleware) communication facilities are the backbone of an ESB, with the BPEL container but a relatively small add-on service in that ESB, Sandor suggested a process-driven approach where the BPEL container is at the heart of the ESB and the message infrastructure is but a lower level plumbing component. He added quickly that the truth would probably be somewhere in between, and that getting a SOA going and having it deliver on its promises with regard to business value is the real key.
About the ESB arena, Sandor stated that many vendors have offerings that they claim are ESBs. While there is a semi-official definition of what an ESB should be (from Gartner), there is no set of standards that a true ESB should comply with, as is the case for example for J2EE containers. So everyone can make his claim. A recent Forrester report shows the following analysis of the ESB market:
(source: The Forrester Wave: Enterprise Service Bus, Q4 2005, Forrester Research, Inc)
This diagram caused some hilarity as the best ESB offering according to Forrester is one that does not exist yet – or at least not as a bundle labeled ESB. It is not clear to me why Microsoft and IBM do not make their appearance on this report, by the way.
Service Registry (UDDI)
One of the topics Sandor discussed with a lot of enthusiasm was the Service Registry. Oracle used to have – as of release 9.0.2 of its Application Server – a UDDI (1.0) implementation. It was one of those well guarded secrets. Basically, it was not used very much and it did not evolve very rapidly. Recently, Oracle licensed the Systinet – recently acquired by Mercury – UDDI 3.0 implementation, to incorporate it in its Application Server (10.1.3) and ESB. Also see http://www.oracle.com/global/me/press/meo/oracle_application_10gr3.html .
Business Activity Monitoring (BAM)
Another story of interest was on BAM. As part of its BPEL offering, Oracle was working on a BAM product for Management Information or aggregate Business Intelligence on the BPEL process activity. However, just hours prior to signing the contracts with Oracle with regards to the take over, PeopleSoft took over the Instante Real Time Monitoring technology. Given the advanced nature and great user interface of that BAM offering, Oracle decided to abandon its own attempt to develop a BAM product and base its offering on this gem it had gotten its hands on as a bonus from the PeopleSoft take over. One of the good things about what is now Oracle BAM is that it not only records and analyzes BPEL activity, but also ESB events and basically any event that it receives, like database DML trigger events if we would so desire. Sandor has some screenshots from Oracle BAM in his presentation:
An interesting observation from Sandor: Oracle has developed a number of JCA Adapters, for example for interacting with an FTP server, the file system or a relational database – both Tables and Stored Procedures. These Adapters are used with InterConnect, also with the BPEL Process Manager, and the exact same adapter will also be used with the ESB to be. It is good to see an example of such easy reuse of services resulting from the exposure of such services through one of the standard interfacing technologies, JCA. Clearly SOAP WebService would provide the same degree of reuse but a far less simple deployment and (probably) much worse performance.
ESB Demonstration – Sneak Preview
Sandor concluded his presentation with a live demonstration of an internal build of the Oracle ESB. He constructed a routing, consisting of two Adapters, two transformers and a canonical (generic, common view) model in the middle. The first Adapter read a CSV file from a file system, logged it and had it transformed into a canonical data format. Next, the message is transformed into a specific XML format and written out to a(nother?) file system. While in itself this is not a spectacular process – and to be honest, the demo did not even work correctly – it demonstrates some crucial ESB concepts.
These include the (reusable) adapter-based services that are plugged into the ESB, the canonical data model – very similar to the InterConnect common view – and the management facilities that ensure reliability, monitoring and routing, including Content Based Routing, for the message delivery. What the demo did not show is the (potentially) distributed nature of the ESB. One of the main differentiators between the BPEL container or traditional MQ systems and the ESB is probably the distributed character of the latter – in addition to the purely logical, abstract definition of services.
Oracle WebServices Manager
The second part of the presentation – by Manh-Kiet Yap – as well as the hands-on workshop after dinner was dedicated to the Oracle WebServices Manager. The OWSM is part of the Oracle Identity Management offering. The Oracle Identity Management ‘suite’ combines a number of components, of which some have only recently been acquired, like Collaxa, Oblix, Thor and OctetString. The OIM stack looks like this:
It is interesting to see how the Oracle Virtual Directory – based on OctetString Virtual Directory Engine – provides a view across multiple directory services, either from Oracle or from other vendors, either LDAP or some other "protocol" like Active Directory. Using the Virtual Directory, applications have only a single location to authenticate users’ identities. One of the applications that benefits from this functionality is the Web Services Manager.
With regard to the security of WebServices, the OWSM does a number of things for us. Kiet discussed the various levels of security with regard to services: access control, confidentiality (no one can read the message) and integrity (no one can tamper with the contents or pretend to be the sender). He also explained the concept of Public and Private Keys (PKI), where Public Keys are used for encrypting and private keys are used for signing.
Kiet showed in a demonstration how we can register our Web Service with the OWSM by simply providing it with the url for the WSDL. We can then acquire a new WSDL and URL from the OWSM: clients will not directly call the original web service: instead they invoke the Web Service as published by the OWSM. The OWSM will track all calls to all registered web services, tracking the clients that make the call as well as the timing statistics for the execution of the call and the contents of both request and response.
More importantly: the OWSM can be instructed to apply security policies to a Web Service. It is very easy to set up a pipeline for the processing of a request to a particular service:
In the pipeline, we can have the OWSM extract credentials from the request – for example the standard HTTP authentication parameters or WS-BASIC User Token – authenticate these credentials against an LDAP directory – the Oracle Virtual Directory – and only continue if the user is both known and authorized for this particular service. The OWSM can also perform verification of the message integrity and decryption of the message body. Setting up these pipelines is quite simple. Apart from security concerns, the OWSM can also perform an XSLT transformation on the message contents. Finally, the OWSM supports content based routing: depending on specific elements in the message contents, the OWSM can decide to send the Request onwards to a specific registered service. See the presentation by Kiet to see some example screenshots for this Content Based Routing.
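The request pipeline described above, sketched as an added example (this is not OWSM code or configuration, and not taken from the presentations). It chains credential extraction, authentication, authorization and content based routing, and stops at the first step that objects. The directory contents, ACL, route URLs and the `<country>` routing element are constructed for illustration; the in-memory dictionary stands in for the LDAP lookup.

```python
import base64, hmac
import xml.etree.ElementTree as ET

# Constructed stand-ins for the directory, per-service ACL and registered back ends.
DIRECTORY = {"alice": "s3cret", "bob": "hunter2"}   # a real gateway does an LDAP bind
SERVICE_ACL = {"OrderService": {"alice"}}
ROUTES = {"NL": "http://nl.backend.example/orders", "DE": "http://de.backend.example/orders"}

class PolicyViolation(Exception):
    """Raised by a step to stop the pipeline before the request is forwarded."""

def extract_credentials(ctx):
    scheme, _, token = ctx["headers"].get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        raise PolicyViolation("missing credentials")
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        raise PolicyViolation("malformed credentials")
    ctx["user"], _, ctx["password"] = decoded.partition(":")

def authenticate(ctx):
    expected = DIRECTORY.get(ctx["user"])
    supplied = ctx["password"].encode()
    # Constant-time comparison so the check does not leak how much matched.
    if expected is None or not hmac.compare_digest(expected.encode(), supplied):
        raise PolicyViolation("authentication failed")

def authorize(ctx):
    if ctx["user"] not in SERVICE_ACL.get(ctx["service"], set()):
        raise PolicyViolation("not authorized")

def route_on_content(ctx):
    try:  # untrusted XML: a production gateway would use a hardened parser
        country = ET.fromstring(ctx["body"]).findtext(".//country")
    except ET.ParseError:
        raise PolicyViolation("malformed body")
    if country not in ROUTES:
        raise PolicyViolation("no route")
    ctx["target"] = ROUTES[country]

PIPELINE = [extract_credentials, authenticate, authorize, route_on_content]

def handle(service, headers, body):
    """Run every step in order; forward only if none of them objects."""
    ctx = {"service": service, "headers": headers, "body": body}
    try:
        for step in PIPELINE:
            step(ctx)
    except PolicyViolation as exc:
        return ("rejected", str(exc))
    return ("forward", ctx["target"])
```

Because routing runs last, an unauthenticated or unauthorized caller never learns which back ends exist or whether a given message would have been routed.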
Download Sandor’s presentation on the SOA Suite and the Oracle Enterprise Service Bus