No SOA mediation system does it all—that's the bottom line, according to Anne Thomas Manes, vice president and...
research director at Burton Group, based in Midvale, Utah. However, Web services management (WSM) products cover the broadest range of mediation capabilities, so Manes recommends organizations standardize on a WSM, as well as utilize an XML gateway. If other types of intermediaries are required for specific capabilities, such as legacy integration, she recommends keeping them to a minimum to keep overhead low.
In a recent telebriefing on SOA mediation systems, Manes stressed the important role mediation systems play in terms of enforcing policy-based management and control and enabling dissimilar systems to communicate. When a message is sent through an intermediary, that intermediary "will enforce policy. Rather than implement this functionality in every single service, you want to externalize it, to apply SOA concepts to infrastructure functionality. It's what a services infrastructure is supposed to do. We're talking about managed communications."
SOA mediation capability is available in five types of products, according to Manes: platforms, enterprise service buses (ESBs), WSM systems, XML gateways, and pure-play mediation systems. These categories in some cases overlap and in some cases are complementary. Types of mediation include dynamic location and binding of services; message validation; version management and mapping; message routing, queuing, and caching; reliable message delivery; and security processing and mediation. The benefits of utilizing an intermediary are "simpler, faster development, and more flexibility," she said. "You're no longer hardcoding into applications."
Platforms such as Microsoft and the Java EE players are not designed to be mediation systems per se, but all have built-in filtering systems, Manes said. However, their primary focus is to build and deploy services. "Typically they only support SOAP and local security processes. They will process any WS-* header; and you should be able to use them to do any program function. The challenge is that every platform has platform-specific administration tools, and few are now supporting WS-Policy, and WS-Policy is where you want to go," she said.
While an ESB in some cases can act as a platform, Manes said, it primarily enables legacy integration. "They can support a number of different communications systems, while platforms generally only support SOAP." However, she said, ESBs "don't do one of the most important aspects of mediation, which is security mediation, so it's not a complete solution."
But for legacy integration and rich, complex transformations, "ESBs are the right way to go," she said. "That's really what ESBs are all about. ESB vendors are trying to convince you they provide a complete SOA platform, but that's because they're trying to sell product. I have not seen any of these products provide any serious security mediation. They won't do credential mapping; they don't support a strong authentication process." For example, she said, "Sonic, only in its next release, is providing support for WS-Security."
WSM products, she said, are multifaceted and focus on mediation, monitoring and services-level management. "It's the only product that does centralized policy management, which is a major feature in a heterogeneous world. WSM can act as a central intermediary or as an endpoint plug-in; it's the only intermediary that has this kind of diversity." In addition, Manes said a unique feature of WSM products is they can manage policies for the entire environment, and many of the vendors have relationships with the XML gateway vendors.
XML gateways are hardened hardware appliances that typically offer acceleration and monitoring in addition to mediation, Manes said, and a few of them have WSM agents installed. "[XML gateways] offer the best security capabilities of all the [mediation] categories," she said. "They also do threat detection which none of others do, and most are adopting WS-Policy.
Pure-play mediators, which today Manes identifies as the Apache Synapse project and Blue Titan (recently purchased by SOA Software), "are focused primarily on mediation. They are not attempting management, monitoring, security or legacy integration." They primarily provide mediation capabilities for SOAP "and maybe XML," she said.
When choosing intermediaries, Manes recommends keeping the number of them to a minimum. "Each imposes overhead; they open a SOAP message and do some kind of processing. XML gateways have much less overhead." Her recommendation is to standardize on a WSM product as well as utilize an XML gateway for superior security.
Finally, she recommends organizations get a handle on policy administration. "All [categories] support mediation, but each is configured differently. This will be solved down the road using WS-Policy, but it will be three to five years before that is pervasive. A registry is helpful for the management and discovery of policies. Look for a commitment to WS-Policy and integration with a service registry."