THEN + NOW / THE EVOLUTION OF WEB SERVICES
A transition away from mainframe computing led to the use of Web Services, which connects machines together based on a specific function. Gartner played an important role in creating awareness and demand for Web Services in the late 1990s. Both public and private registries and exchanges emerged. Some of the exchanges were free and other entailed costs to access Web Services.
Usage increased and Gartner forecast that four in ten financial services transactions would use Web Services models by 2004. At the time, IBM, Software AG, Sun Microsystems, Oracle, and Microsoft produced development tools to serve this demand.
In particular, Microsoft introduced My Services for consumers to access Web Services in 2003, following the protocol known as Universal Description, Discovery and Integration (UDDI). UDDI was one of many methods that conformed to a protocol known as remote procedure calls (RPC). Sometimes known as a Subroutine Call or Function Call, RPC enables an application to request a Web Service without having to understand the network’s details. It makes it easier to access a function or subroutine on a network on another computer.
Others include Common Object Request Broker Architecture (CORBA), Java Remote Method Invocation (Java RMI), and Distributed Component Object Model (DCOM). Enterprise Value Integration presents this historical and technical overview to help clients and consultants understand the context of our methodologies.
THEN / CLIENT-SERVER MODEL
RPC follows a “client-server” model. The application is a client, which sends a request to another application on the server. It sends a response back to the client in short order. Tech Machina observes, “RPC-style Web Services are often implemented by simply generating services interfaces that map directly to existing language-specific function or method calls.” The blog points out that the brittle and complex interfaces with need to be continually regenerated make the object model inherently unstable.
NOW / DOCUMENT-STYLE
A more stable approach to Web Services has emerged in the form of what is known alternatively as Document-style, Service-Oriented Architecture (SOA) style or Messaging Model. This is seen as some as a radical approach, because it emphasizes exchanging messages as well as the schema. Web Services Descriptive Language (WSDL) provides a contract for each document, and results in fewer dependencies. This is departure from a rigid set of operations, as represented by RPC. It is rigid because it is not consistently interoperaable with other platforms. RPC is also is less secure as data is passed through Internet firewalls. Microservice Architecture (MSA) is the embodiment of Document-style. Martin Fowler is one of the leading experts on MSA. He asserts that “automated deployment, intelligence in the endpoints, and decentralized control of languages and data” are the common characteristics of a microservice. These breakthroughs fall into the category of loosely-coupled architecture that minimize failures as a result of dependencies. If you think of these MSA components as independent bricks, the mortar consists of either networking or APIs. The advent of MSA has created significant overhead in a much more dynamic environment. Resources are required to perform tasks, including memory, bandwidth, and computation time. Overhead is any combination of excess or indirect resources. Benjamin Wootton explains, “all of these services potentially need clustering for failover and resilience, turning your single monolithic system into, say, 20 services consisting of 40-60 processes after we’ve added resilience. Throw in load balancers and messaging layers for plumbing between the services and the estate starts to become pretty large when compared to that single monolithic application that delivered the equivalent business functionality!” Wootton is CTO of Contino.
THEN / FEWER ENDPOINTS
With Web Services Before MSA, systems typically had dozens of Web Services with well-defined endpoints. An endpoint can be a directory, folder, a path, or URL and can be inbound, outbound, or both. Now: Many Endpoints with MSA With MSA, there can be thousands of service endpoints, which require the use of virtual image processing (VIP) libraries – designed to process large images. “Libvips” are considered to be mature and well-documented, but is not well-known outside of a small circle. A VIP is a threaded library with no image size limits and fully demand-driven.
NOW / MANY ENDPOINTS
With MSA, there can be thousands of service endpoints, which require the use of virtual image processing (VIP) libraries – designed to process large images. “Libvips” are considered to be mature and well-documented, but is not well-known outside of a small circle. A VIP is a threaded library with no image size limits and fully demand-driven.
THEN / HUNDREDS OF BACKENDS
Before MSA, there were long duration backends with hundreds of implementations. A backend has a specific role or responsibility in a system and maintains business rules or data relevant to a certain domain.
NOW / THOUSANDS OF BACKENDS
MSA can have more than a hundred thousand backends spun-up in milliseconds, and destroyed just as quickly as demand fades.
THEN / DMZs
Before MSA, there were DMZs and firewalling to create a secure infrastructure. A firewall is a first line of defense architected to protect connections and network traffic. It is often built with both hardware and software to examine each message packet and filter out those that do not meet the specified security criteria. It does not authenticate individual users. DMZs are based on the geopolitical term “de-militarized zone,” such as the land between North Korea and South Korea. An administrator might put public-facing servers in the DMZ network, which can be remotely rooted. This separates what the public can access, from the authenticated users. Having public and private environments often requires two firewalls, but doesn’t necessarily address the issue of authentication.
NOW / HANDSHAKES
Since MSA, there can be thousands of services requiring authentication (Auth) handshakes. There are many Auth handshake techniques to authenticate the identity of those making queries.
Prabath Siriwardena feels that an abstract class known as JSON Web Token (JWT) is the best practice because it defines a container to transport data between interested parties and uses a JSON Web Signature (JWS) and an encrypted JWT, also known as JSON Web Encryption (JWE). As noted JWT is an abstract class and JWS or JWE are concrete implementations. Siriwardena notes, “the user context from one microservice to another can be passed along with a JWS.” Trust between microservices can be established with trusted certificates to each microservice with root certificate authority or an intermediary. This reduces overhead, says Siriwardena, who is senior director of security architecture at WSO2.
THEN / ENTERPRISE SERVICE BUS
Historically, the software vendor and integrator MuleSoft has specialized in Enterprise Service Bus (ESB) but it has evolved and expanded its offering to enable connectivity with this layered approach, in which end-user experiences are provided by Experience APIs, Process APIs orchestrate systems, which are exposed through Systems APIs. Layered APIs shares things in common with SOA, such as being fine-grained. One big difference is that multiple network calls can be made through APIs layers, which is not true of SOA.
NOW / MSA PATTERNS
Barbara Liskov describes a pattern as “a standard solution to a common programming problem.” By looking at the problem first, the appropriate implementation structure can be applied. It can include connections among program components or the shape of an object diagram or object model. Liskov is author of Program Development in Java.
Martin Fowler is an author and speaker on the design of enterprise software, particularly microservice patterns. He is an advisor with ThoughtWorks, a software delivery and consulting company.
SIX MSA PATTERNS.
Six of the most common microservice patterns are Message-Oriented, Event-Driven, Isolated State, Replicating State, Fine-Grained (SOA), and Layered Application Programming Interfaces (APIs).
Web Services and Business Processes were once complicated by the issue of State. By their nature, Business Processes are Stateful, in that changes occur after each step is performed. The moment of each event is measured as the clock ticks. In the early days, Web Services were always Stateless. This was slowly resolved with non-proprietary solutions such as business process Management Notation (BPMN) and Business Process Execution Language (PBEL). Yet, some Web Services execute or expose computing functions and others are executing business processes. In some cases, a clock matters and other cases, it does not.
Kristopher Sandoval sees a reason for people to be confused, noting “stateless services have managed to mirror a lot of the behavior of stateful services without technically crossing the line.” His explains, “When the state is stored by the server, it generates a session. This is stateful computing. When the state is stored by the client, it generates some kind of data that is to be used for various systems — while technically ‘stateful’ in that it references a state, the state is stored by the client so we refer to it as stateless. Sandoval writes for Nordic APIs.
Created for developers, by developers, GOTO Conferences are focused on bringing the best minds in the software community and the most interesting topics to light.
STATEFUL PATTERNS AND EVI.
Traditional system design favors consistent data queries and mutating state, which is not how distributed architectures are designed. To avoid unexpected results or data corruption, a state needs to be explicitly declared or each component needs to be autonomous. Event-driven patterns provide standards to avoid side-effects of explicitly declaring a state. Message-oriented systems use a queue, while event-based also sets and enforces standards to assure that the design and behavior of messages over the queue have a timestamp. A materialized view of the state can be reconstructed by the service receiving it. It can then replay the events in order. This makes the event-based pattern ideal for EVI. However, any pattern that records time stamps are suitable. Therefore, an index of microservices should also attempt to classify whether a Service has a time stamp, using the input of whether it is stateful as a key predictor. To start, “service discovery” is required. The resulting index will then be the foundation for assisting the CFO’s team in complying with revenue recognition mandates. It will also allow companies to start writing contracts in new ways, based on an inventory or Business Processes and Microservices. The eventual goal if for event-based accounting systems to correlate each customer transactions with each business process.
GO DEEPER ON THE NEXT PAGE
TOOLS & TECHNOLOGY IN SERVICE DISCOVERY
• Docker & Kubernetes
• Smart Stack
• Mesos
• Zookeeper
• ETCD, Consul and More
DISCOVERY PATTERNS
• OpenStack