Welcome!

Internet of Things, Smart Cities and API Security

Mamoon Yunus

Subscribe to Mamoon Yunus: eMailAlertsEmail Alerts
Get Mamoon Yunus via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Related Topics: Virtualization Magazine, XML Magazine, SOA Best Practices Digest, SOA & WOA Magazine, Cloud Hosting & Service Providers Journal, Cloud Security Journal , Microservices Journal

Cloud Hosting: Article

Virtues of Service Virtualization in a Cloud

Service Virtualization is a crucial part of Federated SOA and cloud-based deployments

Virtualization Expo on Ulitzer

Service virtualization is the ability to create a virtual service from one or more predefined service files.  Service files are usually generated as a Web Service Description Language (WSDL, pronounced Wizdel, see tutorial for introduction to WSDL) file by service containers running business application developed in Java, .NET, PHP type programming languages. 

Service virtualization combines and slices business services deployed independent of the operating systems, programming language or hosting location. The services may be off-premise cloud services (SaaS, PaaS, IaaS)  or on-premise services deployed in a corporate data center. An intermediary cloud gateway sits between the producer and the consumer and aggregates the WSDLs. Based on policies enforced on the cloud gateway, only authorized operations are exposed to the consumers. A sample topology is as follows:

Service Virtualization Cloud Computing

 

In the virtualization diagram above, services A, B and C are deployed on-premise in the corporate data center whereas service D, E, and F are deployed off-premise at a cloud hosting provider such as Amazon EC2 or Rackspace.  The services produced are imported into a Cloud Gateway such as Forum Sentry, aggregated and then published to the consumers based on the credentials provided by the consumers at design-time. 

A new WSDL is generated by the Cloud Gateway that provides only those services that a consumer is entitled to see.  For example, in the diagram above, the internal consumer is provided a WSDL that only contains information related to services A-E, whereas the external consumer is provided a WSDL that contains only services B and F.  The consumers are not aware of whether the services are hosted on-premise in the Data Center or off-premise in the Cloud.

VIRTUES OF SERVICE VIRTUALIZATION

Security: The virtual WSDLs expose or hide operations extracted from imported source WSDLs selectively based on consumer authorization levels. The WSDL endpoints are cloaked with only intermediary's endpoints exposed.  Security is centeralized on the cloud gateway and decoupled from the business applications.  As services morph, the security policies can be controlled centrally.  Any security exposure can be rapidly remediated at the gateway without requiring immediate attention for "patching" a large number of services deployed across data centers and cloud providers.  Endpoint URL obfuscation that removes indications of  technology being deployed such as .jsp, .asmx, .php extensions provides a level of comfort to consumers by indicating a well integrated and standardized set of services.  Endpoint obfuscation also decreases techology-stack (Java, .NET, LAMP) specific attack vectors thereby reducing the attack surface area increased by exposing services.

Consistency: Virtualization provides the ability to select operations from multiple WSDLs and expose them to clients as a coherent single WSDL.  The alternate path to this technique is to provide multiple WSDLs generated by each container.  Typical containers take a class file or set of methods and generate a set of service definitions as a WSDL file.  Virtualization enables importing and aggregating such services generated from a variety of service container such as IBM WebSphere, WebLogic Server, Apache Axis, and .NET, selectively picking services that a consumer is authorized to see, and then generating a sub-set WSDL that only contains artifacts (XSD Schema, Message Definitions, Operation Names, Binding)  that a consumer is allowed to see.

Productivity:The main benefit of virtualization is the ability to mix and match operations without having to mannually copy and paste parts of the desired WSDLs into new WSDL files. It allows a corporations to generate a composite library of all supported operations and only expose the ones required for a particular consumer.  Service virtualization also provides a central location for service version management and service cataloguing.

Reliability: A service may be deployed redundantly on-premise and off-premise for capacity planning and management.  If an on-premise service is inundated with traffic, a cloud gateway can redirect traffic to off-premise cloud services.  In a catastrophic situation where either the data center or a cloud provider suffers an outage, a cloud gateway can provide fail-over capabilities.  A cloud gateway can also be used for failover across multi-cloud deployments.  As corporations migrate services to cloud providers, multi-cloud deployments that enable fault tolerance across clouds will become more prevalent.

Some of the challenges of Service Virtualization addressed by sophisticated Cloud Gateways, such as Forum Sentry include:

  • Protecting service endpoints through endpoint obfuscation.
  • Resolving different schemas that share the same namespace.
  • Reconciling incompatible constraints for elements that appear in multiple schemas.
  • Exposing the list of WSDLs that developers should be working on based on developer credentials. Although external trading partners typically require a single WSDL, internal developers work with multiple WSDLs. A list of WSDL needs to be retrieved from the cloud gateway to better manage developers working across multiple WSDLs.
  • Fault tolerance in multi-cloud deployments.

Service Virtualization is a crucial part of Federated SOA and cloud-based deployments. The vices of free-for-all operations can quickly result in chaos.  Highly distributed enviroments that require automated interaction with suppliers and customers as well as external service providers (SaaS, PaaS, IaaS) can only be controlled through cloud gateways that provide strong service virtualization.

More Stories By Mamoon Yunus

Mamoon Yunus is an industry-honored CEO and visionary in Web Services-based technologies. As the founder of Forum Systems, he pioneered XML Security Gateways & Firewalls and was granted a patent for XML Gateway Appliances. He has spearheaded Forum's direction and strategy for eight generations of award-winning XML Security products. Prior to Forum Systems, Yunus was a Global Systems Engineer for webMethods (NASD: WEBM) where he developed XML-based business integration and architecture plans for Global 2000 companies such as GE, Pepsi, Siemens, and Mass Mutual. He has held various high-level executive positions at Informix (acquired by IBM) and Cambridge Technology Group.

He holds two Graduate Degrees in Engineering from MIT and a BSME from Georgia Institute of Technology. InfoWorld recognized Yunus as one of four "Up and coming CTOs to watch in 2004." He is a sought-after speaker at industry conferences such as RSA, Gartner, Web Services Edge, CSI, Network Interop, and Microsoft TechEd. Yunus has the distinction of showcasing Forum Systems' entrepreneurial leadership as a case study at the MIT Sloan School of Management. He has also been featured on CNBC as Terry Bradshaw's "Pick of the Week."

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.